Implement object duplication

Key attestation using object duplication are [on the horizon], and we'll
need supporting routines for that.

This brings a `create_duplicate` that will make the two layers of wraps
around the object to protect.

[on the horizon]: https://trustedcomputinggroup.org/wp-content/uploads/EK-Based-Key-Attestation-with-TPM-Firmware-Version-V1-RC1_9July2025.pdf

Signed-off-by: Arthur Gautier <[email protected]>

Author: baloo

Cargo.lock

@@ -10,3 +10,6 @@ elliptic-curve = { git = "https://github.com/RustCrypto/traits.git" }
 p521       = { git = "https://github.com/RustCrypto/elliptic-curves.git" }
 primefield = { git = "https://github.com/RustCrypto/elliptic-curves.git" }
 sm2        = { git = "https://github.com/RustCrypto/elliptic-curves.git" }
+
+camellia = { git = "https://github.com/RustCrypto/block-ciphers.git" }
+sm4      = { git = "https://github.com/RustCrypto/block-ciphers.git" }

Cargo.toml

@@ -37,8 +37,9 @@ tss-esapi-sys = { path = "../tss-esapi-sys", version = "0.6.0-alpha.1" }
 x509-cert = { version = "0.3.0-rc.1", optional = true }
 aes = { version = "0.9.0-rc.2", optional = true }
 byte-strings = { version = "0.3.1", optional = true }
-cipher = { version = "0.5.0-rc.2", optional = true }
+camellia = { version = "0.2.0-pre", optional = true }
 cfb-mode = { version = "0.9.0-rc.1", optional = true }
+cipher = { version = "0.5.0-rc.2", optional = true, default-features = false, features = ["zeroize"] }
 ecdsa = { version = "0.17.0-rc.8", features = [
     "algorithm",
     "der",
@@ -61,6 +62,7 @@ sha2 = { version = "0.11.0-rc.3", optional = true }
 sha3 = { version = "0.11.0-rc.3", optional = true }
 sm2 = { version = "0.14.0-rc.0", optional = true }
 sm3 = { version = "0.5.0-rc.3", optional = true }
+sm4 = { version = "0.6.0-pre", optional = true }
 digest = { version = "0.11.0-rc.4", optional = true }
 signature = { version = "3.0.0-rc.5", features = [
     "alloc",
@@ -73,12 +75,13 @@ strum = { version = "0.26.3", optional = true }
 strum_macros = { version = "0.26.4", optional = true }
 paste = "1.0.14"
 getrandom = "0.3"
-rand = "0.9"
+rand = "0.10.0-rc.1"
 
 [dev-dependencies]
 aes = "0.9.0-pre.2"
 env_logger = "0.11.5"
 hex-literal = "1"
+paste = "1.0.15"
 rsa = { version = "0.10.0-pre.3" }
 serde_json = "^1.0.108"
 sha2 = { version = "0.11.0-rc.2", features = ["oid"] }
@@ -117,6 +120,7 @@ rustcrypto = [
 rustcrypto-full = [
     "rustcrypto",
     "aes",
+    "camellia",
     "p192",
     "p224",
     "p256",
@@ -128,6 +132,7 @@ rustcrypto-full = [
     "sha3",
     "sm2",
     "sm3",
+    "sm4",
 ]
 
 rsa = ["dep:rsa", "kbkdf"]

tss-esapi/Cargo.toml

@@ -22,6 +22,12 @@ pub use self::capability_data::CapabilityData;
 // The names section
 // //////////////////////////////////////////////////////
 mod names;
+#[cfg(feature = "rustcrypto")]
+#[cfg_attr(
+    not(any(feature = "sha1", feature = "sha2", feature = "sha3", feature = "sm3",)),
+    allow(unused)
+)]
+pub(crate) use names::name::make_name;
 pub use names::name::Name;
 // //////////////////////////////////////////////////////
 // The result section

tss-esapi/src/structures/mod.rs

@@ -65,3 +65,44 @@ impl AsRef<TPM2B_NAME> for Name {
         &self.value
     }
 }
+
+#[cfg(feature = "rustcrypto")]
+mod as_name {
+    use digest::{Digest, Update};
+    use log::error;
+
+    use super::{Name, TPM2B_NAME};
+    use crate::{
+        error::{Error, Result, WrapperErrorKind},
+        traits::Marshall,
+        utils::hash_object,
+    };
+
+    #[cfg(feature = "rustcrypto")]
+    pub(crate) fn make_name<D, T>(object: &T) -> Result<Name>
+    where
+        D: Digest + Update,
+        T: Marshall,
+    {
+        let mut hasher = D::new();
+
+        hash_object(&mut hasher, object)?;
+
+        let bytes = hasher.finalize();
+        if bytes.len() > Name::MAX_SIZE {
+            error!("Invalid Digest output size (> {})", Name::MAX_SIZE);
+            return Err(Error::local_error(WrapperErrorKind::WrongParamSize));
+        }
+        let size = bytes.len() as u16;
+
+        let mut name = [0; Name::MAX_SIZE];
+        name[..bytes.len()].copy_from_slice(&bytes);
+
+        Ok(Name {
+            value: TPM2B_NAME { size, name },
+        })
+    }
+}
+
+#[cfg(feature = "rustcrypto")]
+pub(crate) use self::as_name::make_name;

tss-esapi/src/structures/names/name.rs

@@ -7,7 +7,7 @@ pub mod rsa;
 use crate::{
     attributes::ObjectAttributes,
     interface_types::algorithm::{HashingAlgorithm, PublicAlgorithm},
-    structures::{Digest, EccPoint, PublicKeyRsa, SymmetricCipherParameters},
+    structures::{Digest, EccPoint, Name, PublicKeyRsa, SymmetricCipherParameters},
     traits::{impl_mu_standard, Marshall},
     tss2_esys::{TPM2B_PUBLIC, TPMT_PUBLIC},
     Error, Result, ReturnCode, WrapperErrorKind,
@@ -586,3 +586,20 @@ impl TryFrom<Public> for TPM2B_PUBLIC {
         })
     }
 }
+
+#[cfg(feature = "rustcrypto")]
+impl Public {
+    pub fn name(&self) -> Result<Name> {
+        #[cfg_attr(
+            not(any(feature = "sha1", feature = "sha2", feature = "sha3", feature = "sm3",)),
+            allow(unused)
+        )]
+        macro_rules! make_name {
+            ($hash: ty) => {
+                crate::structures::make_name::<$hash, _>(self)
+            };
+        }
+
+        crate::utils::match_name_hashing_algorithm!(self, make_name)
+    }
+}