diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index cc519243..eab40346 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -62,7 +62,7 @@ jobs: steps: - uses: actions/checkout@v4 - name: Build the container - run: docker build -t ubuntucontainer tss-esapi/tests/ --build-arg TPM2_TSS_VERSION=4.0.1 --file tss-esapi/tests/Dockerfile-ubuntu --target tpm2-tss-install-dir + run: docker build -t ubuntucontainer tss-esapi/tests/ --build-arg TPM2_TSS_VERSION=4.1.3 --file tss-esapi/tests/Dockerfile-ubuntu --target tpm2-tss-install-dir - name: Run the container run: docker run -v $(pwd):/tmp/rust-tss-esapi -w /tmp/rust-tss-esapi/tss-esapi ubuntucontainer /tmp/rust-tss-esapi/tss-esapi/tests/all-ubuntu.sh diff --git a/tss-esapi-sys/Cargo.toml b/tss-esapi-sys/Cargo.toml index 5cba60b4..9ed6186e 100644 --- a/tss-esapi-sys/Cargo.toml +++ b/tss-esapi-sys/Cargo.toml @@ -14,11 +14,16 @@ links = "tss2-esys" rust-version = "1.74.0" [build-dependencies] -bindgen = { version = "0.70.1", optional = true } +bindgen = { version = "0.72.0", optional = true } pkg-config = "0.3.18" -target-lexicon = "0.12.0" +target-lexicon = "0.13.2" cfg-if = "1.0.0" semver = "1.0.7" +autotools = { version = "0.2.6", optional = true } + +[target.'cfg(windows)'.build-dependencies] +msbuild = { version = "0.2.0", optional = true } [features] generate-bindings = ["bindgen"] +bundled = ["dep:autotools", "dep:msbuild"] diff --git a/tss-esapi-sys/README.md b/tss-esapi-sys/README.md index e353796e..82782436 100644 --- a/tss-esapi-sys/README.md +++ b/tss-esapi-sys/README.md @@ -13,12 +13,12 @@ interface to Rust to [TSS](https://github.com/tpm2-software/tpm2-tss). This crate exposes an interface for the TSS Enhanced System API and thus links to libraries that expose this interface. In order to allow proper use -of the ESAPI, this FFI layer includes bindings to TCTI and MU headers, and +of the ESAPI, this FFI layer includes bindings to TCTI and MU headers, and must therefore link to all of them at build time. The paths to the libraries are discovered using `pkg-config` - make sure they -are discoverable in this way on your system. Our build script looks for -`tss2-esys`, `tss2-tctildr` and `tss2-mu`. A minimum version of `4.0.1` is +are discoverable in this way on your system. Our build script looks for +`tss2-esys`, `tss2-tctildr` and `tss2-mu`. A minimum version of `4.1.3` is required for all of them. Having installed the open-source implementation libraries at `/usr/local/lib` (by default), it @@ -41,9 +41,72 @@ available, feel free to raise a Pull Request to add it or to use build-time generation of bindings. All the committed bindings **MUST** be generated from the library version found under the `vendor` submodule. +## Bundling TPM-TSS + +[`tpm-tss`](https://github.com/tpm2-software/tpm2-tss) is used by this +library to communicate with TPMs. If this library is not available on +your system you may optionally bundle (vendor) tpm-tss during builds. +tpm-tss can be provided from a local source path with the +environment variable `TPM_TSS_SOURCE_PATH` or it will be retrieved from +Github during the build. The version to retrieve can be controlled by setting +the `TPM2_TSS_SOURCE_VERSION` environment variable. +[!IMPORTANT] +On windows it might be necessary to manually create the VERSION file +when a local source is being used. + +To enable this feature: + +```bash +cargo build --features=bundled +``` + +```bash +TPM2_TSS_VERSION="4.1.3" cargo build --features=bundled +``` + +```bash +TPM_TSS_SOURCE_PATH=/path/to/tpm-tss cargo build --features=bundled +``` + +If using this feature from an external project + +``` +tss-esapi-sys = { version = "...", features = ["bundled"] } +``` + +### Windows + +Compiling for windows requires a bit of setup to work with the bundled feature. + +* OpenSSL must be installed to a non-standard location at `C:\OpenSSL-v11-Win64` +* Visual Studio 2019 must be installed with the Clang/C2 experimental component, + and windows sdk 10.0 (Other versions of Visual Studio may work but are untested + at this point). + +### MacOS + +Compiling on MacOS requires the bundling feature. This requires dependencies +from brew. + +```bashbre +brew install autoconf autoconf-archive automake json-c libtool m4 pkg-config +``` + +Optionally you may require these libraries for certain classes of TPM transport + +``` +brew install libftdi +``` + +### OpenSUSE / SUSE + +``` +sudo zypper in autoconf autoconf-archive automake libjson-c-devel libtool libtpms-devel gawk make +``` + ## Cross compiling -Cross-compilation can be done as long as you have on your build system the TSS +Cross-compilation can be done as long as you have on your build system the TSS libraries compiled for your target system of choice. We rely on `pkg-config` to identify the libraries which we link against. Installing `tpm2-tss` does yield `.pc` files which can be used for this purpose, but depending on the exact build diff --git a/tss-esapi-sys/build.rs b/tss-esapi-sys/build.rs index 56501d48..ca342baf 100644 --- a/tss-esapi-sys/build.rs +++ b/tss-esapi-sys/build.rs @@ -8,11 +8,38 @@ fn main() { } cfg_if::cfg_if! { - if #[cfg(feature = "generate-bindings")] { + // If `TPM2_TSS_SOURCE_PATH` is set when using bundled then the code + // is expected to be located in that path and will not be downloaded from + // github. + // N.B. On windows it might be necessary to add the VERSION file + // manually because tpm2-tss does not create it when compiling. + + if #[cfg(all(feature = "bundled", feature = "generate-bindings"))] { + // Bundled and generate bindings for the case when + // it should be bundled with a non minimal version + // of tpm2-tss. + // Library source code will be either downloaded or read from a path, built and + // statically linked in the build step. + let out_dir = std::path::PathBuf::from(std::env::var("OUT_DIR").unwrap()); + let installation = tpm2_tss::Installation::bundled(out_dir.as_path()); + installation.generate_bindings(&out_dir.join("tss_esapi_bindings.rs")); + } else if #[cfg(all(feature = "bundled", not(feature = "generate-bindings")))] { + // Bundled with the minimum supported version of tpm2-tss and the pre generated + // bindings will be used. + // Library source code will be either downloaded or read from a path, built and + // statically linked in the build step. + target::ensure_supported(); + let out_dir = std::path::PathBuf::from(std::env::var("OUT_DIR").unwrap()); + let installation = tpm2_tss::Installation::bundled(out_dir.as_path()); + } else if #[cfg(all(not(feature = "bundled"), feature = "generate-bindings"))] { + // Not bundled only generate the bindings and build against them. + // The library files are expected to exist locally. let installation = tpm2_tss::Installation::probe(true); let out_dir = std::path::PathBuf::from(std::env::var("OUT_DIR").unwrap()); installation.generate_bindings(&out_dir.join("tss_esapi_bindings.rs")); } else { + // Not bundled and using the pre generated bindings and build against them. + // Library files are expected to exist locally. target::ensure_supported(); let _ = tpm2_tss::Installation::probe(false); } @@ -33,7 +60,7 @@ pub mod target { match (target.architecture, target.operating_system) { (Architecture::Arm(_), OperatingSystem::Linux) | (Architecture::Aarch64(_), OperatingSystem::Linux) - | (Architecture::X86_64, OperatingSystem::Darwin) + | (Architecture::X86_64, OperatingSystem::Darwin(_)) | (Architecture::X86_64, OperatingSystem::Linux) => {} (arch, os) => { panic!( @@ -52,8 +79,10 @@ pub mod tpm2_tss { fs::read_dir, path::{Path, PathBuf}, }; - const MINIMUM_VERSION: &str = "4.0.1"; - const PATH_ENV_VAR_NAME: &str = "TPM2_TSS_PATH"; + + // General constants + const MINIMUM_VERSION: &str = "4.1.3"; + const INSTALLATION_PATH_ENV_VAR_NAME: &str = "TPM2_TSS_PATH"; /// The installed tpm2-tss libraries that are of /// interest. @@ -70,6 +99,26 @@ pub mod tpm2_tss { } impl Installation { + #[cfg(feature = "bundled")] + /// Uses a bundled build for the installation. + pub fn bundled(out_path: &Path) -> Self { + let version = Self::version(); + let source_path = Self::source(out_path, &version); + Self::compile(&source_path); + Self { + _tss2_sys: Library::bundled_required("tss2-sys", &source_path, &version, false), + tss2_esys: Library::bundled_required("tss2-esys", &source_path, &version, true), + tss2_tctildr: Library::bundled_required( + "tss2-tctildr", + &source_path, + &version, + false, + ), + tss2_mu: Library::bundled_required("tss2-mu", &source_path, &version, false), + tss2_tcti_tbs: Library::bundled_optional("tss2-tcti-tbs", &source_path, &version), + } + } + /// Probes the system for an installation. pub fn probe(with_header_files: bool) -> Self { let install_path = Installation::installation_path_from_env_var(); @@ -106,63 +155,102 @@ pub mod tpm2_tss { } } - cfg_if::cfg_if! { - if #[cfg(feature = "generate-bindings")] { + /// Generates bindings for the Installation. + #[cfg(feature = "generate-bindings")] + pub fn generate_bindings(&self, esapi_out: &Path) { + self.bindgen_builder() + .generate() + .expect("Unable to generate bindings to TSS2 ESYS APIs.") + .write_to_file(esapi_out) + .expect("Couldn't write ESYS bindings!"); + } - /// Generates bindings for the Installation. - pub fn generate_bindings(&self, esapi_out: &Path) { - self.bindgen_builder() - .generate() - .expect("Unable to generate bindings to TSS2 ESYS APIs.") - .write_to_file(esapi_out) - .expect("Couldn't write ESYS bindings!"); - } + /// The bindgen builder to use. + #[cfg(feature = "generate-bindings")] + fn bindgen_builder(&self) -> bindgen::Builder { + // Creates the general builder. + let builder = bindgen::Builder::default() + .size_t_is_usize(false) + .rust_target( + bindgen::RustTarget::stable(73, 0) + .expect("Rust version 1.73.0 should be a stable release"), + ) // lower or equal to MSRV. + .clang_arg(self.tss2_esys.include_dir_arg()) + .clang_arg(self.tss2_tctildr.include_dir_arg()) + .clang_arg(self.tss2_mu.include_dir_arg()) + .formatter(bindgen::Formatter::Rustfmt) + .header(self.tss2_esys.header_file_arg()) + .header(self.tss2_tctildr.header_file_arg()) + .header(self.tss2_mu.header_file_arg()) + //See this issue: https://github.com/parallaxsecond/rust-cryptoki/issues/12 + .generate_comments(false) + .blocklist_type("max_align_t") + .derive_default(true); + // Add platform specific args. + self.add_platform_args(builder) + } - /// The bindgen builder to use. - fn bindgen_builder(&self) -> bindgen::Builder { - let mut builder = bindgen::Builder::default() - .size_t_is_usize(false) - .rust_target(bindgen::RustTarget::Stable_1_73) // lower or equal to MSRV. - .clang_arg(self.tss2_esys.include_dir_arg()) - .clang_arg(self.tss2_tctildr.include_dir_arg()) - .clang_arg(self.tss2_mu.include_dir_arg()) - .formatter(bindgen::Formatter::Rustfmt) - .header(self.tss2_esys.header_file_arg()) - .header(self.tss2_tctildr.header_file_arg()) - .header(self.tss2_mu.header_file_arg()) - //See this issue: https://github.com/parallaxsecond/rust-cryptoki/issues/12 - .generate_comments(false) - .blocklist_type("max_align_t") - // Needed for windows - .blocklist_type("IMAGE_TLS_DIRECTORY") - .blocklist_type("PIMAGE_TLS_DIRECTORY") - .blocklist_type("IMAGE_TLS_DIRECTORY64") - .blocklist_type("PIMAGE_TLS_DIRECTORY64") - .blocklist_type("_IMAGE_TLS_DIRECTORY64") - .blocklist_type("MONITORINFOEX") - .blocklist_type("MONITORINFOEXA") - .blocklist_type("MONITORINFOEXW") - .blocklist_type("tagMONITORINFOEXA") - .blocklist_type("tagMONITORINFOEXW") - .blocklist_type("LPMONITORINFOEX") - .blocklist_type("LPMONITORINFOEXA") - .blocklist_type("LPMONITORINFOEXW") - .derive_default(true); - if let Some(tss2_tcti_tbs) = &self.tss2_tcti_tbs { - builder = builder - .clang_arg(tss2_tcti_tbs.include_dir_arg()) - .header(tss2_tcti_tbs.header_file_arg()); - } + /// Adds arguments to the bindgen builder that are platform specific. + #[cfg(feature = "generate-bindings")] + fn add_platform_args(&self, builder: bindgen::Builder) -> bindgen::Builder { + cfg_if::cfg_if! { + if #[cfg(windows)] { + self.add_windows_platform_args(builder) + } else { builder } } } + + // Adds arguments to the bindgen builder that are specific for Windows. + #[cfg(all(windows, feature = "generate-bindings"))] + fn add_windows_platform_args(&self, mut builder: bindgen::Builder) -> bindgen::Builder { + if let Some(tss2_tcti_tbs) = &self.tss2_tcti_tbs { + builder = builder + .clang_arg(tss2_tcti_tbs.include_dir_arg()) + .header(tss2_tcti_tbs.header_file_arg()); + } + + const MINIMUM_WIN_SDK_VERSION: &str = "10.0.17134.0"; + + let min_sdk_version = Some( + msbuild::win_sdk::WinSdkVersion::parse(MINIMUM_WIN_SDK_VERSION) + .expect("Could not parse the Win SDK version."), + ); + + let win_sdk = msbuild::win_sdk::WinSdk::find_in_range(None, min_sdk_version) + .expect("Unable to find a Win SDK in version range."); + + builder + .clang_arg(format!("-I{}", win_sdk.include_dirs().ucrt_dir().display())) + .clang_arg(format!("-I{}", win_sdk.include_dirs().um_dir().display())) + .clang_arg(format!( + "-I{}", + win_sdk.include_dirs().shared_dir().display() + )) + .blocklist_type("IMAGE_TLS_DIRECTORY") + .blocklist_type("PIMAGE_TLS_DIRECTORY") + .blocklist_type("IMAGE_TLS_DIRECTORY64") + .blocklist_type("PIMAGE_TLS_DIRECTORY64") + .blocklist_type("_IMAGE_TLS_DIRECTORY64") + .blocklist_type("MONITORINFOEX") + .blocklist_type("MONITORINFOEXA") + .blocklist_type("MONITORINFOEXW") + .blocklist_type("tagMONITORINFOEXA") + .blocklist_type("tagMONITORINFOEXW") + .blocklist_type("LPMONITORINFOEX") + .blocklist_type("LPMONITORINFOEXA") + .blocklist_type("LPMONITORINFOEXW") + } + /// Retrieves the installation path from the environment variable and validates it. fn installation_path_from_env_var() -> Option<(PathBuf, String)> { - std::env::var(PATH_ENV_VAR_NAME).map_or_else( + std::env::var(INSTALLATION_PATH_ENV_VAR_NAME).map_or_else( |e| match e { std::env::VarError::NotUnicode(invalid_value) => { - panic!("Invalid `{PATH_ENV_VAR_NAME}` env var: `{invalid_value:?}`."); + panic!( + "Invalid `{INSTALLATION_PATH_ENV_VAR_NAME}` env var: `{invalid_value:?}`." + ); } std::env::VarError::NotPresent => None, }, @@ -192,20 +280,20 @@ pub mod tpm2_tss { let install_path = PathBuf::from(env_var); if !install_path.is_dir() { panic!( - "The tpm2-tss installation path `{PATH_ENV_VAR_NAME}` specifies an existing directory (`{}`).", + "The tpm2-tss installation path `{INSTALLATION_PATH_ENV_VAR_NAME}` specifies an existing directory (`{}`).", install_path.to_string_lossy() ); } if !install_path.join("include").is_dir() { panic!( - "The tpm2-tss installation path `{PATH_ENV_VAR_NAME}` specifies a path `{}`, that does not \ + "The tpm2-tss installation path `{INSTALLATION_PATH_ENV_VAR_NAME}` specifies a path `{}`, that does not \ contain an `include` directory", install_path.to_string_lossy() ); } if !install_path.join("lib").is_dir() { panic!( - "The tpm2-tss installation path `{PATH_ENV_VAR_NAME}` specifies a path `{}`, that does not \ + "The tpm2-tss installation path `{INSTALLATION_PATH_ENV_VAR_NAME}` specifies a path `{}`, that does not \ contain an `lib` directory", install_path.to_string_lossy() ); @@ -213,16 +301,16 @@ pub mod tpm2_tss { let version_str = std::fs::read_to_string(install_path.join("VERSION")).unwrap_or_else(|e| { panic!( - "The tpm2-tss installation path `{PATH_ENV_VAR_NAME}` specifies a path `{}`, that does not \ + "The tpm2-tss installation path `{INSTALLATION_PATH_ENV_VAR_NAME}` specifies a path `{}`, that does not \ contain a readable VERSION file: {e}.", install_path.to_string_lossy() ); }); let version = Version::parse(version_str.trim()).unwrap_or_else(|e| { panic!( - "The tpm2-tss installation path `{PATH_ENV_VAR_NAME}` specifies a path `{}`, contains a \ + "The tpm2-tss installation path `{INSTALLATION_PATH_ENV_VAR_NAME}` specifies a path `{}`, contains a \ VERSION file that cannot be parsed: {e}.", - install_path.to_string_lossy() + install_path.to_string_lossy(), ); }); @@ -235,10 +323,10 @@ pub mod tpm2_tss { }); if !min_version_req.matches(&version) { panic!( - "The tpm2-tss installation path `{PATH_ENV_VAR_NAME}` specifies a path `{}`, contains a \ + "The tpm2-tss installation path `{INSTALLATION_PATH_ENV_VAR_NAME}` specifies a path `{}`, contains a \ VERSION file that specifies a version `{version_str}` that does not meet the minimum \ version requirement `{MINIMUM_VERSION}`.", - install_path.to_string_lossy() + install_path.to_string_lossy(), ); } println!( @@ -247,6 +335,196 @@ pub mod tpm2_tss { ); (install_path, version_str) } + + /// Builds the source and. + /// + /// # Details + /// Tries to detect the appropriate way to build the source + /// code. + #[cfg(feature = "bundled")] + fn compile(source_path: &Path) { + cfg_if::cfg_if! { + if #[cfg(windows)] { + let msbuild_max_version = None; + let msbuild_min_version = Some(msbuild::ProductLineVersion::Vs2017.installation_version_min()); + let msbuild = msbuild::MsBuild::find_msbuild_in_range(msbuild_max_version, msbuild_min_version) + .expect("Failed to find an installed version of msbuild in the necessary version range."); + let profile = std::env::var("PROFILE").unwrap(); + let build_string = match profile.as_str() { + "debug" => "", + "release" => "/p:Configuration=Release", + _ => panic!("Unknown cargo profile:"), + }; + + msbuild.run(source_path, &[ + build_string, + "tpm2-tss.sln"]).unwrap_or_else(|e| {panic!("Failed to run msbuild: {e:?}")}); + + // This should be done by tpm2-tss when building it but it does not + // happen on windows (yet..?). + use std::io::Write; + let version_file_path = source_path.join("VERSION"); + if !version_file_path.is_file() { + let mut version_file = std::fs::File::create(version_file_path) + .expect("Unable to create version file for tpm2-tss"); + write!(version_file, "{}", Self::version()) + .unwrap_or_else(|e| panic!("Failed to write version file: {e}")); + } + } + else { + let install_path = Self::compile_with_autotools(source_path); + std::env::set_var( + "PKG_CONFIG_PATH", + format!("{}", install_path.join("lib").join("pkgconfig").display()), + ); + } + } + } + + #[cfg(all(feature = "bundled", not(windows)))] + fn compile_with_autotools(p: &Path) -> PathBuf { + let output1 = std::process::Command::new("./bootstrap") + .current_dir(p) + .output() + .expect("bootstrap script failed"); + let status = output1.status; + if !status.success() { + panic!("{p:?}/bootstrap script failed with {status}:\n{output1:?}"); + } + + let mut config = autotools::Config::new(p); + config + // Force configuration of the autotools env + .reconf("-fiv") + // skip ./configure if no parameter changes are made + .fast_build(true) + .enable("esys", None) + // Disable fapi as we only use esys + .disable("fapi", None) + .disable("fapi-async-tests", None) + // Disable integration tests + .disable("integration", None) + // Don't allow weak crypto + .disable("weakcrypto", None) + .build() + } + + /// Fetch version to use. + /// + /// Tries to retrieve a version to use for bundled builds + /// from en environment variable. If it does not exist then + /// it defaults to the minimum version. + /// + /// # Returns + /// The version of tpm2-tss to be used when building bundled. + #[cfg(feature = "bundled")] + fn version() -> String { + const VERSION_ENV_VAR_NAME: &str = "TPM2_TSS_SOURCE_VERSION"; + std::env::var(VERSION_ENV_VAR_NAME).unwrap_or_else(|e| match e { + std::env::VarError::NotUnicode(invalid_value) => { + panic!("Invalid `{VERSION_ENV_VAR_NAME}` env var: `{invalid_value:?}`."); + } + std::env::VarError::NotPresent => MINIMUM_VERSION.to_string(), + }) + } + + /// Fetch the source code path. + /// + /// # Returns + /// The path to tpm2-tss source code to be used. + #[cfg(feature = "bundled")] + fn source(out_path: &Path, version: &str) -> std::path::PathBuf { + const REPO: &str = "https://github.com/tpm2-software/tpm2-tss.git"; + const NAME: &str = "tpm2-tss"; + Self::source_path_from_env_var() + .unwrap_or_else(|| Self::fetch_source(out_path, NAME, REPO, version)) + } + + /// Fetch the given source repo using git + /// + /// # Details + /// Uses a the git application that is installed locally in order + /// to execute git commands. + /// + /// # Args + /// `dest_path` - The destination to where the source should be downloaded. + /// `name` - The name of of the repository. + /// `repo` - The path to the repository (web or local). + /// `branch` - The branch to fetch. + /// + /// # Returns + /// The path to the downloaded repository in the form of a PathBuf. + #[cfg(feature = "bundled")] + fn fetch_source( + dest_path: &Path, + name: &str, + repo: &str, + branch: &str, + ) -> std::path::PathBuf { + let repo_path = dest_path.join(name); + if !repo_path.join("Makefile.am").exists() { + let output = std::process::Command::new("git") + .args(["clone", repo, "--depth", "1", "--branch", branch]) + .current_dir(dest_path) + .output() + .unwrap_or_else(|_| panic!("git clone for {name} failed")); + let status = output.status; + if !status.success() { + panic!("git clone for {name} returned failure status {status}:\n{output:?}"); + } + } + repo_path + } + + /// Extracts the source path from the environment variable. + /// + /// # Details + /// Extracts the source code path from the environment variable, + /// if it exits, and checks that it is valid. + /// + /// # Returns + /// The source code path if the environment variable was + /// set, else None. + #[cfg(feature = "bundled")] + fn source_path_from_env_var() -> Option { + const SOURCE_PATH_ENV_VAR_NAME: &str = "TPM2_TSS_SOURCE_PATH"; + std::env::var(SOURCE_PATH_ENV_VAR_NAME).map_or_else( + |e| match e { + std::env::VarError::NotUnicode(invalid_value) => { + panic!( + "Invalid `{SOURCE_PATH_ENV_VAR_NAME}` env var: `{invalid_value:?}`." + ); + } + std::env::VarError::NotPresent => None, + }, + |var| { + let source_path = PathBuf::from(var.as_str()); + if !source_path.is_dir() { + panic!( + "Invalid `{SOURCE_PATH_ENV_VAR_NAME}` env var. `{:?}` is not a directory.", + var.as_str() + ); + } + let is_empty_dir = source_path + .read_dir() + .unwrap_or_else(|e| { + panic!( + "Invalid `{SOURCE_PATH_ENV_VAR_NAME}` env var. Unable to read dir `{:?}`. \n {e:?}", + var.as_str(), + ) + }) + .next() + .is_none(); + if is_empty_dir { + panic!( + "Invalid `{SOURCE_PATH_ENV_VAR_NAME}` env var. `{:?}` is an empty directory.", + var.as_str() + ); + } + Some(source_path) + }, + ) + } } /// Struct holding the information for a library. @@ -286,7 +564,7 @@ pub mod tpm2_tss { }, |lib| { if report_version { - println!("cargo:version={}", lib.version); + Self::report_version(&lib.version); } lib }, @@ -315,13 +593,74 @@ pub mod tpm2_tss { with_header_files, ); } - Self::probe_pkg_config_optional(lib_name, with_header_files) + Self::probe_pkg_config_optional(lib_name, with_header_files, MINIMUM_VERSION) + } + + /// Creates a bundled required library. + /// + /// # Arguments + /// `lib_name` - The name of the library. + /// `source_path` - Path to the source code. + /// `lib_version` - The version of the library. + /// `report_to_cargo` - Flag indicating if the version and linking information + /// of the library should be reported to Cargo. + /// + /// # Returns + /// The bundled library. + #[cfg(feature = "bundled")] + pub fn bundled_required( + lib_name: &str, + source_path: &Path, + lib_version: &str, + report_to_cargo: bool, + ) -> Self { + let lib = + Self::bundled_optional(lib_name, source_path, lib_version).unwrap_or_else(|| { + panic!("Failed to find {lib_name} library of version {lib_version} or greater.") + }); + + if report_to_cargo { + Self::report_version(&lib.version); + Self::report_search_paths(source_path); + } + lib + } + + /// Creates a bundled optional library. + /// + /// # Arguments + /// `lib_name` - The name of the library. + /// `source_path` - Path to the source code. + /// `lib_version` - The version of the library. + /// + /// # Returns + /// The bundled library if it was found else None. + #[cfg(feature = "bundled")] + pub fn bundled_optional( + lib_name: &str, + _source_path: &Path, + lib_version: &str, + ) -> Option { + cfg_if::cfg_if! { + if #[cfg(windows)] { + let include_path = _source_path.join("include").join("tss2"); + println!("cargo:rustc-link-lib=dylib={lib_name}"); + Some(Self { + header_file: Self::header_file(lib_name, &include_path, true), + version: lib_version.to_string(), + name: lib_name.to_string(), + }) + } else { + // PKG_CONFIG_PATH is setup in the compile step for bundled. + Self::probe_pkg_config_optional(lib_name, true, lib_version) + } + } } /// The include dir `clang_arg` bindgen builder argument. /// /// # Panics - /// - If the library was probe without requiring header files. + /// - If the library was probed without requiring header files. /// - If the library specifies a header file does not have a parent directory. /// - If the library specifies a header file path that contain invalid utf-8 characters. #[allow(unused)] @@ -370,9 +709,13 @@ pub mod tpm2_tss { /// # Args /// `lib_name` - The name of the library. /// `with_header_files` - Flag indicating if header files are required. - fn probe_pkg_config_optional(lib_name: &str, with_header_files: bool) -> Option { + fn probe_pkg_config_optional( + lib_name: &str, + with_header_files: bool, + lib_version: &str, + ) -> Option { pkg_config::Config::new() - .atleast_version(MINIMUM_VERSION) + .atleast_version(lib_version) .probe(lib_name) .ok() .map(|pkg_config| { @@ -400,9 +743,9 @@ pub mod tpm2_tss { /// static linking purposes. /// /// # Arguments - /// `lib_name` - The name of the library to probe for. - /// `path` - The path to probe for the library. - /// `version` - The version of the library. + /// `lib_name` - The name of the library to probe for. + /// `path` - The path to probe for the library. + /// `lib_version` - The version of the library. /// /// # Returns /// A `Library` object containing the information retrieved if one @@ -414,7 +757,7 @@ pub mod tpm2_tss { fn probe_install_path_optional( lib_name: &str, path: &Path, - version: &str, + lib_version: &str, with_header_files: bool, ) -> Option { let lib_path = path.join("lib"); @@ -425,7 +768,7 @@ pub mod tpm2_tss { let include_path = path.join("include/tss2"); Some(Self { header_file: Self::header_file(lib_name, &include_path, with_header_files), - version: version.to_string(), + version: lib_version.to_string(), name: lib_name.to_string(), }) } @@ -503,5 +846,35 @@ pub mod tpm2_tss { } Some(header_file) } + + /// Reports the library version to Cargo. + /// + /// # Arguments + /// `lib_version` - The version of the library. + fn report_version(lib_version: &str) { + println!("cargo:version={lib_version}"); + } + + /// Reports search paths too Cargo. + /// + /// # Arguments + /// `source_path` - Path to the source code. + #[cfg(feature = "bundled")] + fn report_search_paths(_source_path: &Path) { + cfg_if::cfg_if! { + if #[cfg(windows)] { + let profile = std::env::var("PROFILE").unwrap(); + let build_string = match profile.as_str() { + "debug" => "Debug", + "release" => "Release", + _ => panic!("Unknown cargo profile: {}", profile), + }; + println!( + "cargo:rustc-link-search=dylib={}", + _source_path.join("x64").join(build_string).display() + ); + } + } + } } } diff --git a/tss-esapi-sys/regenerate-bindings.sh b/tss-esapi-sys/regenerate-bindings.sh index c6acc00d..eeda865b 100755 --- a/tss-esapi-sys/regenerate-bindings.sh +++ b/tss-esapi-sys/regenerate-bindings.sh @@ -11,7 +11,7 @@ set -euf -o pipefail OPENSSL_GIT="https://github.com/openssl/openssl.git" OPENSSL_VERSION="OpenSSL_1_1_1j" TPM2_TSS_GIT="https://github.com/tpm2-software/tpm2-tss.git" -TPM2_TSS_VERSION="4.0.1" +TPM2_TSS_VERSION="4.1.3" export SYSROOT="/tmp/sysroot" @@ -48,7 +48,7 @@ cross-compile-openssl() { cross-compile-tpm2-tss() { pushd /tmp/tpm2-tss [ ! -f configure ] && ./bootstrap - ./configure --disable-fapi --disable-policy --prefix=/ --build=x86_64-pc-linux-gnu --host=$1 --target=$1 CC=$1-gcc + ./configure --disable-fapi --disable-policy --disable-tcti-spidev --disable-tcti-spi-ltt2go --disable-tcti-spi-ftdi --disable-tcti-i2c-ftdi --disable-tcti-i2c-helper --prefix=/ --build=x86_64-pc-linux-gnu --host=$1 --target=$1 CC=$1-gcc make clean make -j$(nproc) make DESTDIR="$SYSROOT" install diff --git a/tss-esapi-sys/src/bindings/aarch64-unknown-linux-gnu.rs b/tss-esapi-sys/src/bindings/aarch64-unknown-linux-gnu.rs index 13c45405..1b94e177 100644 --- a/tss-esapi-sys/src/bindings/aarch64-unknown-linux-gnu.rs +++ b/tss-esapi-sys/src/bindings/aarch64-unknown-linux-gnu.rs @@ -1,5 +1,5 @@ -/* automatically generated by rust-bindgen 0.70.1 */ -/* TPM2_TSS_VERSION="4.0.1" */ +/* automatically generated by rust-bindgen 0.72.0 */ +/* TPM2_TSS_VERSION="4.1.3" */ pub const _STDINT_H: u32 = 1; pub const _FEATURES_H: u32 = 1; @@ -239,6 +239,14 @@ pub const ESYS_TR_RH_LOCKOUT: u32 = 266; pub const ESYS_TR_RH_ENDORSEMENT: u32 = 267; pub const ESYS_TR_RH_PLATFORM: u32 = 268; pub const ESYS_TR_RH_PLATFORM_NV: u32 = 269; +pub const ESYS_TR_RH_FW_OWNER: u32 = 270; +pub const ESYS_TR_RH_FW_ENDORSEMENT: u32 = 271; +pub const ESYS_TR_RH_FW_PLATFORM: u32 = 272; +pub const ESYS_TR_RH_FW_NULL: u32 = 273; +pub const ESYS_TR_RH_SVN_OWNER_BASE: u32 = 16842752; +pub const ESYS_TR_RH_SVN_ENDORSEMENT_BASE: u32 = 16908288; +pub const ESYS_TR_RH_SVN_PLATFORM_BASE: u32 = 16973824; +pub const ESYS_TR_RH_SVN_NULL_BASE: u32 = 17039360; pub const ESYS_TR_RH_AUTH_FIRST: u32 = 272; pub const ESYS_TR_RH_ACT_FIRST: u32 = 288; pub const ESYS_TR_RH_ACT_0: u32 = 288; @@ -9519,6 +9527,30 @@ pub type ESYS_CRYPTO_AES_DECRYPT_FNP = ::std::option::Option< userdata: *mut ::std::os::raw::c_void, ) -> TSS2_RC, >; +pub type ESYS_CRYPTO_SM4_ENCRYPT_FNP = ::std::option::Option< + unsafe extern "C" fn( + key: *mut u8, + tpm_sym_alg: TPM2_ALG_ID, + key_bits: TPMI_SM4_KEY_BITS, + tpm_mode: TPM2_ALG_ID, + buffer: *mut u8, + buffer_size: size_t, + iv: *mut u8, + userdata: *mut ::std::os::raw::c_void, + ) -> TSS2_RC, +>; +pub type ESYS_CRYPTO_SM4_DECRYPT_FNP = ::std::option::Option< + unsafe extern "C" fn( + key: *mut u8, + tpm_sym_alg: TPM2_ALG_ID, + key_bits: TPMI_SM4_KEY_BITS, + tpm_mode: TPM2_ALG_ID, + buffer: *mut u8, + buffer_size: size_t, + iv: *mut u8, + userdata: *mut ::std::os::raw::c_void, + ) -> TSS2_RC, +>; pub type ESYS_CRYPTO_PK_RSA_ENCRYPT_FNP = ::std::option::Option< unsafe extern "C" fn( pub_tpm_key: *mut TPM2B_PUBLIC, @@ -9549,6 +9581,8 @@ pub struct ESYS_CRYPTO_CALLBACKS { pub get_ecdh_point: ESYS_CRYPTO_GET_ECDH_POINT_FNP, pub aes_encrypt: ESYS_CRYPTO_AES_ENCRYPT_FNP, pub aes_decrypt: ESYS_CRYPTO_AES_DECRYPT_FNP, + pub sm4_encrypt: ESYS_CRYPTO_SM4_ENCRYPT_FNP, + pub sm4_decrypt: ESYS_CRYPTO_SM4_DECRYPT_FNP, pub init: ESYS_CRYPTO_INIT_FNP, pub userdata: *mut ::std::os::raw::c_void, } @@ -9559,7 +9593,7 @@ fn bindgen_test_layout_ESYS_CRYPTO_CALLBACKS() { let ptr = UNINIT.as_ptr(); assert_eq!( ::std::mem::size_of::(), - 120usize, + 136usize, "Size of ESYS_CRYPTO_CALLBACKS" ); assert_eq!( @@ -9633,13 +9667,23 @@ fn bindgen_test_layout_ESYS_CRYPTO_CALLBACKS() { "Offset of field: ESYS_CRYPTO_CALLBACKS::aes_decrypt" ); assert_eq!( - unsafe { ::std::ptr::addr_of!((*ptr).init) as usize - ptr as usize }, + unsafe { ::std::ptr::addr_of!((*ptr).sm4_encrypt) as usize - ptr as usize }, 104usize, + "Offset of field: ESYS_CRYPTO_CALLBACKS::sm4_encrypt" + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).sm4_decrypt) as usize - ptr as usize }, + 112usize, + "Offset of field: ESYS_CRYPTO_CALLBACKS::sm4_decrypt" + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).init) as usize - ptr as usize }, + 120usize, "Offset of field: ESYS_CRYPTO_CALLBACKS::init" ); assert_eq!( unsafe { ::std::ptr::addr_of!((*ptr).userdata) as usize - ptr as usize }, - 112usize, + 128usize, "Offset of field: ESYS_CRYPTO_CALLBACKS::userdata" ); } @@ -14782,6 +14826,13 @@ extern "C" { extern "C" { pub fn Tss2_TctiLdr_FreeInfo(info: *mut *mut TSS2_TCTI_INFO); } +extern "C" { + pub fn Tss2_Tcti_TctiLdr_Init( + tctiContext: *mut TSS2_TCTI_CONTEXT, + size: *mut size_t, + nameConf: *const ::std::os::raw::c_char, + ) -> TSS2_RC; +} extern "C" { pub fn Tss2_MU_INT8_Marshal( src: INT8, diff --git a/tss-esapi-sys/src/bindings/arm-unknown-linux-gnueabi.rs b/tss-esapi-sys/src/bindings/arm-unknown-linux-gnueabi.rs index 7df5202b..931d0b65 100644 --- a/tss-esapi-sys/src/bindings/arm-unknown-linux-gnueabi.rs +++ b/tss-esapi-sys/src/bindings/arm-unknown-linux-gnueabi.rs @@ -1,5 +1,5 @@ -/* automatically generated by rust-bindgen 0.70.1 */ -/* TPM2_TSS_VERSION="4.0.1" */ +/* automatically generated by rust-bindgen 0.72.0 */ +/* TPM2_TSS_VERSION="4.1.3" */ pub const _STDINT_H: u32 = 1; pub const _FEATURES_H: u32 = 1; @@ -241,6 +241,14 @@ pub const ESYS_TR_RH_LOCKOUT: u32 = 266; pub const ESYS_TR_RH_ENDORSEMENT: u32 = 267; pub const ESYS_TR_RH_PLATFORM: u32 = 268; pub const ESYS_TR_RH_PLATFORM_NV: u32 = 269; +pub const ESYS_TR_RH_FW_OWNER: u32 = 270; +pub const ESYS_TR_RH_FW_ENDORSEMENT: u32 = 271; +pub const ESYS_TR_RH_FW_PLATFORM: u32 = 272; +pub const ESYS_TR_RH_FW_NULL: u32 = 273; +pub const ESYS_TR_RH_SVN_OWNER_BASE: u32 = 16842752; +pub const ESYS_TR_RH_SVN_ENDORSEMENT_BASE: u32 = 16908288; +pub const ESYS_TR_RH_SVN_PLATFORM_BASE: u32 = 16973824; +pub const ESYS_TR_RH_SVN_NULL_BASE: u32 = 17039360; pub const ESYS_TR_RH_AUTH_FIRST: u32 = 272; pub const ESYS_TR_RH_ACT_FIRST: u32 = 288; pub const ESYS_TR_RH_ACT_0: u32 = 288; @@ -9488,6 +9496,30 @@ pub type ESYS_CRYPTO_AES_DECRYPT_FNP = ::std::option::Option< userdata: *mut ::std::os::raw::c_void, ) -> TSS2_RC, >; +pub type ESYS_CRYPTO_SM4_ENCRYPT_FNP = ::std::option::Option< + unsafe extern "C" fn( + key: *mut u8, + tpm_sym_alg: TPM2_ALG_ID, + key_bits: TPMI_SM4_KEY_BITS, + tpm_mode: TPM2_ALG_ID, + buffer: *mut u8, + buffer_size: size_t, + iv: *mut u8, + userdata: *mut ::std::os::raw::c_void, + ) -> TSS2_RC, +>; +pub type ESYS_CRYPTO_SM4_DECRYPT_FNP = ::std::option::Option< + unsafe extern "C" fn( + key: *mut u8, + tpm_sym_alg: TPM2_ALG_ID, + key_bits: TPMI_SM4_KEY_BITS, + tpm_mode: TPM2_ALG_ID, + buffer: *mut u8, + buffer_size: size_t, + iv: *mut u8, + userdata: *mut ::std::os::raw::c_void, + ) -> TSS2_RC, +>; pub type ESYS_CRYPTO_PK_RSA_ENCRYPT_FNP = ::std::option::Option< unsafe extern "C" fn( pub_tpm_key: *mut TPM2B_PUBLIC, @@ -9518,6 +9550,8 @@ pub struct ESYS_CRYPTO_CALLBACKS { pub get_ecdh_point: ESYS_CRYPTO_GET_ECDH_POINT_FNP, pub aes_encrypt: ESYS_CRYPTO_AES_ENCRYPT_FNP, pub aes_decrypt: ESYS_CRYPTO_AES_DECRYPT_FNP, + pub sm4_encrypt: ESYS_CRYPTO_SM4_ENCRYPT_FNP, + pub sm4_decrypt: ESYS_CRYPTO_SM4_DECRYPT_FNP, pub init: ESYS_CRYPTO_INIT_FNP, pub userdata: *mut ::std::os::raw::c_void, } @@ -9528,7 +9562,7 @@ fn bindgen_test_layout_ESYS_CRYPTO_CALLBACKS() { let ptr = UNINIT.as_ptr(); assert_eq!( ::std::mem::size_of::(), - 60usize, + 68usize, "Size of ESYS_CRYPTO_CALLBACKS" ); assert_eq!( @@ -9602,13 +9636,23 @@ fn bindgen_test_layout_ESYS_CRYPTO_CALLBACKS() { "Offset of field: ESYS_CRYPTO_CALLBACKS::aes_decrypt" ); assert_eq!( - unsafe { ::std::ptr::addr_of!((*ptr).init) as usize - ptr as usize }, + unsafe { ::std::ptr::addr_of!((*ptr).sm4_encrypt) as usize - ptr as usize }, 52usize, + "Offset of field: ESYS_CRYPTO_CALLBACKS::sm4_encrypt" + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).sm4_decrypt) as usize - ptr as usize }, + 56usize, + "Offset of field: ESYS_CRYPTO_CALLBACKS::sm4_decrypt" + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).init) as usize - ptr as usize }, + 60usize, "Offset of field: ESYS_CRYPTO_CALLBACKS::init" ); assert_eq!( unsafe { ::std::ptr::addr_of!((*ptr).userdata) as usize - ptr as usize }, - 56usize, + 64usize, "Offset of field: ESYS_CRYPTO_CALLBACKS::userdata" ); } @@ -14779,6 +14823,13 @@ extern "C" { extern "C" { pub fn Tss2_TctiLdr_FreeInfo(info: *mut *mut TSS2_TCTI_INFO); } +extern "C" { + pub fn Tss2_Tcti_TctiLdr_Init( + tctiContext: *mut TSS2_TCTI_CONTEXT, + size: *mut size_t, + nameConf: *const ::std::os::raw::c_char, + ) -> TSS2_RC; +} extern "C" { pub fn Tss2_MU_INT8_Marshal( src: INT8, diff --git a/tss-esapi-sys/src/bindings/x86_64-unknown-linux-gnu.rs b/tss-esapi-sys/src/bindings/x86_64-unknown-linux-gnu.rs index ee0ec97a..a3246a66 100644 --- a/tss-esapi-sys/src/bindings/x86_64-unknown-linux-gnu.rs +++ b/tss-esapi-sys/src/bindings/x86_64-unknown-linux-gnu.rs @@ -1,5 +1,5 @@ -/* automatically generated by rust-bindgen 0.70.1 */ -/* TPM2_TSS_VERSION="4.0.1" */ +/* automatically generated by rust-bindgen 0.72.0 */ +/* TPM2_TSS_VERSION="4.1.3" */ pub const _STDINT_H: u32 = 1; pub const _FEATURES_H: u32 = 1; @@ -241,6 +241,14 @@ pub const ESYS_TR_RH_LOCKOUT: u32 = 266; pub const ESYS_TR_RH_ENDORSEMENT: u32 = 267; pub const ESYS_TR_RH_PLATFORM: u32 = 268; pub const ESYS_TR_RH_PLATFORM_NV: u32 = 269; +pub const ESYS_TR_RH_FW_OWNER: u32 = 270; +pub const ESYS_TR_RH_FW_ENDORSEMENT: u32 = 271; +pub const ESYS_TR_RH_FW_PLATFORM: u32 = 272; +pub const ESYS_TR_RH_FW_NULL: u32 = 273; +pub const ESYS_TR_RH_SVN_OWNER_BASE: u32 = 16842752; +pub const ESYS_TR_RH_SVN_ENDORSEMENT_BASE: u32 = 16908288; +pub const ESYS_TR_RH_SVN_PLATFORM_BASE: u32 = 16973824; +pub const ESYS_TR_RH_SVN_NULL_BASE: u32 = 17039360; pub const ESYS_TR_RH_AUTH_FIRST: u32 = 272; pub const ESYS_TR_RH_ACT_FIRST: u32 = 288; pub const ESYS_TR_RH_ACT_0: u32 = 288; @@ -9521,6 +9529,30 @@ pub type ESYS_CRYPTO_AES_DECRYPT_FNP = ::std::option::Option< userdata: *mut ::std::os::raw::c_void, ) -> TSS2_RC, >; +pub type ESYS_CRYPTO_SM4_ENCRYPT_FNP = ::std::option::Option< + unsafe extern "C" fn( + key: *mut u8, + tpm_sym_alg: TPM2_ALG_ID, + key_bits: TPMI_SM4_KEY_BITS, + tpm_mode: TPM2_ALG_ID, + buffer: *mut u8, + buffer_size: size_t, + iv: *mut u8, + userdata: *mut ::std::os::raw::c_void, + ) -> TSS2_RC, +>; +pub type ESYS_CRYPTO_SM4_DECRYPT_FNP = ::std::option::Option< + unsafe extern "C" fn( + key: *mut u8, + tpm_sym_alg: TPM2_ALG_ID, + key_bits: TPMI_SM4_KEY_BITS, + tpm_mode: TPM2_ALG_ID, + buffer: *mut u8, + buffer_size: size_t, + iv: *mut u8, + userdata: *mut ::std::os::raw::c_void, + ) -> TSS2_RC, +>; pub type ESYS_CRYPTO_PK_RSA_ENCRYPT_FNP = ::std::option::Option< unsafe extern "C" fn( pub_tpm_key: *mut TPM2B_PUBLIC, @@ -9551,6 +9583,8 @@ pub struct ESYS_CRYPTO_CALLBACKS { pub get_ecdh_point: ESYS_CRYPTO_GET_ECDH_POINT_FNP, pub aes_encrypt: ESYS_CRYPTO_AES_ENCRYPT_FNP, pub aes_decrypt: ESYS_CRYPTO_AES_DECRYPT_FNP, + pub sm4_encrypt: ESYS_CRYPTO_SM4_ENCRYPT_FNP, + pub sm4_decrypt: ESYS_CRYPTO_SM4_DECRYPT_FNP, pub init: ESYS_CRYPTO_INIT_FNP, pub userdata: *mut ::std::os::raw::c_void, } @@ -9561,7 +9595,7 @@ fn bindgen_test_layout_ESYS_CRYPTO_CALLBACKS() { let ptr = UNINIT.as_ptr(); assert_eq!( ::std::mem::size_of::(), - 120usize, + 136usize, "Size of ESYS_CRYPTO_CALLBACKS" ); assert_eq!( @@ -9635,13 +9669,23 @@ fn bindgen_test_layout_ESYS_CRYPTO_CALLBACKS() { "Offset of field: ESYS_CRYPTO_CALLBACKS::aes_decrypt" ); assert_eq!( - unsafe { ::std::ptr::addr_of!((*ptr).init) as usize - ptr as usize }, + unsafe { ::std::ptr::addr_of!((*ptr).sm4_encrypt) as usize - ptr as usize }, 104usize, + "Offset of field: ESYS_CRYPTO_CALLBACKS::sm4_encrypt" + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).sm4_decrypt) as usize - ptr as usize }, + 112usize, + "Offset of field: ESYS_CRYPTO_CALLBACKS::sm4_decrypt" + ); + assert_eq!( + unsafe { ::std::ptr::addr_of!((*ptr).init) as usize - ptr as usize }, + 120usize, "Offset of field: ESYS_CRYPTO_CALLBACKS::init" ); assert_eq!( unsafe { ::std::ptr::addr_of!((*ptr).userdata) as usize - ptr as usize }, - 112usize, + 128usize, "Offset of field: ESYS_CRYPTO_CALLBACKS::userdata" ); } @@ -14795,6 +14839,13 @@ extern "C" { extern "C" { pub fn Tss2_TctiLdr_FreeInfo(info: *mut *mut TSS2_TCTI_INFO); } +extern "C" { + pub fn Tss2_Tcti_TctiLdr_Init( + tctiContext: *mut TSS2_TCTI_CONTEXT, + size: *mut size_t, + nameConf: *const ::std::os::raw::c_char, + ) -> TSS2_RC; +} extern "C" { pub fn Tss2_MU_INT8_Marshal( src: INT8, diff --git a/tss-esapi/Cargo.toml b/tss-esapi/Cargo.toml index 05375b05..c284c533 100644 --- a/tss-esapi/Cargo.toml +++ b/tss-esapi/Cargo.toml @@ -35,8 +35,16 @@ regex = "1.3.9" zeroize = { version = "1.5.7", features = ["zeroize_derive"] } tss-esapi-sys = { path = "../tss-esapi-sys", version = "0.5.0" } x509-cert = { version = "0.2.0", optional = true } -ecdsa = { version = "0.16.9", features = ["der", "hazmat", "arithmetic", "verifying"], optional = true } -elliptic-curve = { version = "0.13.8", optional = true, features = ["alloc", "pkcs8"] } +ecdsa = { version = "0.16.9", features = [ + "der", + "hazmat", + "arithmetic", + "verifying", +], optional = true } +elliptic-curve = { version = "0.13.8", optional = true, features = [ + "alloc", + "pkcs8", +] } p192 = { version = "0.13.0", optional = true } p224 = { version = "0.13.2", optional = true } p256 = { version = "0.13.2", optional = true } @@ -50,7 +58,7 @@ sha3 = { version = "0.10.8", optional = true } sm2 = { version = "0.13.3", optional = true } sm3 = { version = "0.4.2", optional = true } digest = { version = "0.10.7", optional = true } -signature = { version = "2.2.0", features = ["std"], optional = true} +signature = { version = "2.2.0", features = ["std"], optional = true } cfg-if = "1.0.0" strum = { version = "0.26.3", optional = true } strum_macros = { version = "0.26.4", optional = true } @@ -77,9 +85,28 @@ default = ["abstraction"] generate-bindings = ["tss-esapi-sys/generate-bindings"] abstraction = ["rustcrypto"] integration-tests = ["strum", "strum_macros"] - -rustcrypto = ["digest", "ecdsa", "elliptic-curve", "pkcs8", "signature", "x509-cert"] -rustcrypto-full = ["rustcrypto", "p192", "p224", "p256", "p384", "p521", "rsa", "sha1", "sha2", "sha3", "sm2", "sm3"] - +rustcrypto = [ + "digest", + "ecdsa", + "elliptic-curve", + "pkcs8", + "signature", + "x509-cert", +] +rustcrypto-full = [ + "rustcrypto", + "p192", + "p224", + "p256", + "p384", + "p521", + "rsa", + "sha1", + "sha2", + "sha3", + "sm2", + "sm3", +] sha1 = ["dep:sha1", "rsa?/sha1"] sha2 = ["dep:sha2", "rsa?/sha2"] +bundled = ["tss-esapi-sys/bundled"] diff --git a/tss-esapi/README.md b/tss-esapi/README.md index f8887da7..8edfd434 100644 --- a/tss-esapi/README.md +++ b/tss-esapi/README.md @@ -17,6 +17,10 @@ time using the headers identified on the system. Our end-goal is to achieve a fully Rust-native interface that offers strong safety and security guarantees. Check out our [documentation](https://docs.rs/tss-esapi/*/tss_esapi/#notes-on-code-safety) for an overview of our code safety approach. +## Integration Tests + +See the [integration tests](https://github.com/parallaxsecond/rust-tss-esapi/tree/main/tss-esapi/tests) + ## Cargo Features The crate currently offers the following features: diff --git a/tss-esapi/tests/Dockerfile-fedora b/tss-esapi/tests/Dockerfile-fedora index cafbe04e..8869f730 100644 --- a/tss-esapi/tests/Dockerfile-fedora +++ b/tss-esapi/tests/Dockerfile-fedora @@ -1,4 +1,4 @@ -FROM fedora:38 +FROM fedora:40 RUN dnf install -y \ tpm2-tss-devel tpm2-abrmd tpm2-tools \ diff --git a/tss-esapi/tests/Dockerfile-ubuntu b/tss-esapi/tests/Dockerfile-ubuntu index 881d2b73..c4211919 100644 --- a/tss-esapi/tests/Dockerfile-ubuntu +++ b/tss-esapi/tests/Dockerfile-ubuntu @@ -7,7 +7,7 @@ ENV PATH="/root/.cargo/bin:${PATH}" FROM rust-toolchain AS tpm2-tss # Download and install the TSS library -ENV TPM2_TSS_BINDINGS_VERSION=4.0.1 +ENV TPM2_TSS_BINDINGS_VERSION=4.1.3 ARG TPM2_TSS_VERSION=$TPM2_TSS_BINDINGS_VERSION ENV TPM2_TSS_VERSION=$TPM2_TSS_VERSION ENV PKG_CONFIG_PATH=/usr/local/lib/pkgconfig @@ -22,7 +22,7 @@ RUN cd tpm2-tss \ FROM tpm2-tss AS tpm2-tools # Download and install TPM2 tools -RUN git clone https://github.com/tpm2-software/tpm2-tools.git --branch 5.6 +RUN git clone https://github.com/tpm2-software/tpm2-tools.git --branch 5.7 RUN cd tpm2-tools \ && ./bootstrap \ && ./configure \ diff --git a/tss-esapi/tests/cross-compile.sh b/tss-esapi/tests/cross-compile.sh index d76f42f7..aca3f71c 100755 --- a/tss-esapi/tests/cross-compile.sh +++ b/tss-esapi/tests/cross-compile.sh @@ -11,7 +11,7 @@ set -euf -o pipefail OPENSSL_GIT="https://github.com/openssl/openssl.git" OPENSSL_VERSION="OpenSSL_1_1_1j" TPM2_TSS_GIT="https://github.com/tpm2-software/tpm2-tss.git" -TPM2_TSS_VERSION="4.0.1" +TPM2_TSS_VERSION="4.1.3" export SYSROOT="/tmp/sysroot" @@ -48,7 +48,7 @@ cross-compile-openssl() { cross-compile-tpm2-tss() { pushd /tmp/tpm2-tss [ ! -f configure ] && ./bootstrap - ./configure --disable-fapi --disable-policy --prefix=/ --build=x86_64-pc-linux-gnu --host=$1 --target=$1 CC=$1-gcc + ./configure --disable-fapi --disable-policy --disable-tcti-spidev --disable-tcti-spi-ltt2go --disable-tcti-spi-ftdi --disable-tcti-i2c-ftdi --disable-tcti-i2c-helper --prefix=/ --build=x86_64-pc-linux-gnu --host=$1 --target=$1 CC=$1-gcc make clean make -j$(nproc) make DESTDIR="$SYSROOT" install