Update tpm ecdh

michaeldjeffrey · michaeldjeffrey · commit 96e62fe842cc · 2025-07-02T14:46:41.000-07:00
p256 used to provide a From implementation for AffinePoint to SharedSecret. We can recreate what it was doing using the AffineCoordinates trait. RustCrypto/elliptic-curves@a7011d2#diff-c6f073a6c542e656510c60595c86058a65f58dc3f00824c7f505cf6b556d3b73L49-L53
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
@@ -0,0 +1,44 @@
+FROM mcr.microsoft.com/devcontainers/rust:1-bullseye
+
+# Install required system packages
+RUN apt-get update && apt-get install -y \
+    clang-11 \
+    libclang-11-dev \
+    llvm-11-dev \
+    cmake \
+    pkg-config \
+    libssl-dev \
+    tpm2-tss-dev \
+    libtss2-dev \
+    build-essential \
+    curl \
+    libcurl4-openssl-dev \
+    make \
+    sudo \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
+# Set environment variable so bindgen can find libclang
+ENV LIBCLANG_PATH=/usr/lib/llvm-11/lib
+
+RUN apt-get install -y llvm-11-dev clang-11 libclang-11-dev
+RUN export LIBCLANG_PATH=/usr/lib/llvm-11/lib
+
+
+# Set up rust toolchain components
+RUN rustup target add x86_64-unknown-linux-gnu && \
+    rustup component add clippy rustfmt rust-analyzer
+
+# Create a non-root user
+ARG USERNAME=vscode
+ARG USER_UID=1000
+ARG USER_GID=$USER_UID
+
+RUN groupadd --gid $USER_GID $USERNAME && \
+    useradd --uid $USER_UID --gid $USER_GID -m $USERNAME && \
+    echo "$USERNAME ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/$USERNAME && \
+    chmod 0440 /etc/sudoers.d/$USERNAME
+
+USER $USERNAME
+
+WORKDIR /app
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -0,0 +1,42 @@
+{
+    "name": "Rust Linux Development",
+    "image": "mcr.microsoft.com/devcontainers/rust:1-bullseye",
+    "features": {
+        "ghcr.io/devcontainers/features/common-utils:2": {
+            "installZsh": true,
+            "username": "vscode",
+            "upgradePackages": true
+        }
+    },
+    "runArgs": [
+        "--cap-add=SYS_PTRACE",
+        "--security-opt",
+        "seccomp=unconfined"
+    ],
+    "customizations": {
+        "vscode": {
+            "extensions": [
+                "rust-lang.rust-analyzer",
+                "tamasfe.even-better-toml",
+                "serayuzgur.crates"
+            ],
+            "settings": {
+                "rust-analyzer.server.path": "/usr/local/cargo/bin/rust-analyzer",
+                "rust-analyzer.cargo.extraEnv": {
+                    "LIBCLANG_PATH": "/usr/lib/llvm-11/lib"
+                },
+                "rust-analyzer.server.extraEnv": {
+                    "LIBCLANG_PATH": "/usr/lib/llvm-11/lib"
+                },
+                "rust-analyzer.check.extraEnv": {
+                    "LIBCLANG_PATH": "/usr/lib/llvm-11/lib"
+                }
+            }
+        }
+    },
+    "containerEnv": {
+        "LIBCLANG_PATH": "/usr/lib/llvm-11/lib"
+    },
+    "postCreateCommand": "sudo apt-get update && sudo apt-get install -y pkg-config libtss2-dev libssl-dev libtss2-dev llvm-11-dev clang-11 libclang-11-dev && export LIBCLANG_PATH=/usr/lib/llvm-11/lib",
+    "remoteUser": "vscode"
+}
diff --git a/Cargo.toml b/Cargo.toml
@@ -35,7 +35,7 @@ rsa = { version = "0.4", optional = true, default-features = false, features = [
   "pem",
 ] }
 ecc608-linux = { version = "0", optional = true }
-tss-esapi = { version = "7", optional = true }
+tss-esapi = { version = "7", optional = true, features = ["generate-bindings"] }
 libc = { version = "0", optional = true }
 byteorder = { version = "1", optional = true }
 multihash = { version = "0.18", optional = true }
@@ -44,7 +44,7 @@ solana-sdk = { version = ">= 2.2", optional = true }
 uuid = { version = "1", features = ["v4", "fast-rng"], optional = true }
 
 [features]
-default = ["rsa"]
+default = ["rsa", "tpm"]
 ecc608 = ["ecc608-linux"]
 rsa = ["dep:rsa", "byteorder"]
 tpm = ["tss-esapi", "libc", "drop_guard"]
diff --git a/src/tpm/mod.rs b/src/tpm/mod.rs
@@ -101,8 +101,9 @@ impl KeypairHandle {
         let encoded_point = p256::EncodedPoint::from_bytes(shared_secret_bytes.as_slice())
             .map_err(p256::elliptic_curve::Error::from)?;
         let affine_point = p256::AffinePoint::from_encoded_point(&encoded_point).unwrap();
+
         Ok(ecc_compact::SharedSecret(p256::ecdh::SharedSecret::from(
-            &affine_point,
+            p256::elliptic_curve::point::AffineCoordinates::x(&affine_point),
         )))
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -101,8 +101,9 @@ impl KeypairHandle {`
`101`	`101`	`let encoded_point = p256::EncodedPoint::from_bytes(shared_secret_bytes.as_slice())`
`102`	`102`	`.map_err(p256::elliptic_curve::Error::from)?;`
`103`	`103`	`let affine_point = p256::AffinePoint::from_encoded_point(&encoded_point).unwrap();`
	`104`	`+`
`104`	`105`	`Ok(ecc_compact::SharedSecret(p256::ecdh::SharedSecret::from(`
`105`		`- &affine_point,`
	`106`	`+ p256::elliptic_curve::point::AffineCoordinates::x(&affine_point),`
`106`	`107`	`)))`
`107`	`108`	`}`
`108`	`109`	`}`