Bump asymmetric crypto dependencies; MSRV 1.65 (#490)

Bumps the following dependencies to the latest versions:

- `elliptic-curve` v0.13
- `k256` v0.13
- `p256` v0.13
- `p384` v0.13
- `pbkdf2` v0.12
- `rsa` v0.9.0-pre.0
- `signature` v2
This commit is contained in:
Tony Arcieri (iqlusion)
2023-03-14 10:53:00 -07:00
committed by GitHub
parent a50addc15b
commit 0c7441a81e
7 changed files with 69 additions and 60 deletions
+3 -3
View File
@@ -36,13 +36,13 @@ jobs:
toolchain: stable toolchain: stable
deps: true deps: true
- platform: ubuntu-latest - platform: ubuntu-latest
toolchain: 1.60.0 # MSRV toolchain: 1.65.0 # MSRV
deps: sudo apt-get install libpcsclite-dev deps: sudo apt-get install libpcsclite-dev
- platform: windows-latest - platform: windows-latest
toolchain: 1.60.0 # MSRV toolchain: 1.65.0 # MSRV
deps: true deps: true
- platform: macos-latest - platform: macos-latest
toolchain: 1.60.0 # MSRV toolchain: 1.65.0 # MSRV
deps: true deps: true
runs-on: ${{ matrix.platform }} runs-on: ${{ matrix.platform }}
steps: steps:
Generated
+52 -42
View File
@@ -67,9 +67,9 @@ checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa"
[[package]] [[package]]
name = "base16ct" name = "base16ct"
version = "0.1.1" version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "349a06037c7bf932dd7e7d1f653678b2038b9ad46a74102f1fc7bd7872678cce" checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf"
[[package]] [[package]]
name = "base64" name = "base64"
@@ -196,9 +196,9 @@ dependencies = [
[[package]] [[package]]
name = "const-oid" name = "const-oid"
version = "0.9.1" version = "0.9.2"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cec318a675afcb6a1ea1d4340e2d377e56e47c266f28043ceccbf4412ddfdd3b" checksum = "520fbf3c07483f94e3e3ca9d0cfd913d7718ef2483d2cfd91c0d9e91474ab913"
[[package]] [[package]]
name = "cookie-factory" name = "cookie-factory"
@@ -223,9 +223,9 @@ dependencies = [
[[package]] [[package]]
name = "crypto-bigint" name = "crypto-bigint"
version = "0.4.9" version = "0.5.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ef2b4b23cddf68b89b8f8069890e8c270d54e2d5fe1b143820234805e4cb17ef" checksum = "7c2538c4e68e52548bacb3e83ac549f903d44f011ac9d5abb5e132e67d0808f7"
dependencies = [ dependencies = [
"generic-array", "generic-array",
"rand_core", "rand_core",
@@ -295,9 +295,9 @@ checksum = "23d8666cb01533c39dde32bcbab8e227b4ed6679b2c925eba05feabea39508fb"
[[package]] [[package]]
name = "der" name = "der"
version = "0.6.1" version = "0.7.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f1a467a65c5e759bce6e65eaf91cc29f466cdc57cb65777bd646872a8a1fd4de" checksum = "bc906908ea6458456e5eaa160a9c08543ec3d1e6f71e2235cedd660cb65f9df0"
dependencies = [ dependencies = [
"const-oid", "const-oid",
"pem-rfc7468", "pem-rfc7468",
@@ -352,9 +352,9 @@ dependencies = [
[[package]] [[package]]
name = "ecdsa" name = "ecdsa"
version = "0.14.8" version = "0.16.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "413301934810f597c1d19ca71c8710e99a3f1ba28a0d2ebc01551a2daeea3c5c" checksum = "d1b0a1222f8072619e8a6b667a854020a03d363738303203c09468b3424a420a"
dependencies = [ dependencies = [
"der", "der",
"elliptic-curve", "elliptic-curve",
@@ -364,13 +364,12 @@ dependencies = [
[[package]] [[package]]
name = "elliptic-curve" name = "elliptic-curve"
version = "0.12.3" version = "0.13.2"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e7bb888ab5300a19b8e5bceef25ac745ad065f3c9f7efc6de1b91958110891d3" checksum = "6ea5a92946e8614bb585254898bb7dd1ddad241ace60c52149e3765e34cc039d"
dependencies = [ dependencies = [
"base16ct", "base16ct",
"crypto-bigint", "crypto-bigint",
"der",
"digest", "digest",
"ff", "ff",
"generic-array", "generic-array",
@@ -420,9 +419,9 @@ dependencies = [
[[package]] [[package]]
name = "ff" name = "ff"
version = "0.12.1" version = "0.13.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d013fc25338cc558c5c2cfbad646908fb23591e2404481826742b651c9af7160" checksum = "ded41244b729663b1e574f1b4fb731469f69f79c17667b5d776b16cda0479449"
dependencies = [ dependencies = [
"rand_core", "rand_core",
"subtle", "subtle",
@@ -436,6 +435,7 @@ checksum = "bff49e947297f3312447abdca79f45f4738097cc82b06e72054d2223f601f1b9"
dependencies = [ dependencies = [
"typenum", "typenum",
"version_check", "version_check",
"zeroize",
] ]
[[package]] [[package]]
@@ -451,9 +451,9 @@ dependencies = [
[[package]] [[package]]
name = "group" name = "group"
version = "0.12.1" version = "0.13.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5dfbfb3a6cfbd390d5c9564ab283a0349b9b9fcd46a706c1eb10e0db70bfbac7" checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63"
dependencies = [ dependencies = [
"ff", "ff",
"rand_core", "rand_core",
@@ -719,33 +719,36 @@ checksum = "9b7820b9daea5457c9f21c69448905d723fbd21136ccf521748f23fd49e723ee"
[[package]] [[package]]
name = "p256" name = "p256"
version = "0.11.1" version = "0.13.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "51f44edd08f51e2ade572f141051021c5af22677e42b7dd28a88155151c33594" checksum = "7270da3e5caa82afd3deb054cc237905853813aea3859544bc082c3fe55b8d47"
dependencies = [ dependencies = [
"ecdsa", "ecdsa",
"elliptic-curve", "elliptic-curve",
"primeorder",
"sha2", "sha2",
] ]
[[package]] [[package]]
name = "p384" name = "p384"
version = "0.11.2" version = "0.13.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dfc8c5bf642dde52bb9e87c0ecd8ca5a76faac2eeed98dedb7c717997e1080aa" checksum = "70786f51bcc69f6a4c0360e063a4cac5419ef7c5cd5b3c99ad70f3be5ba79209"
dependencies = [ dependencies = [
"ecdsa", "ecdsa",
"elliptic-curve", "elliptic-curve",
"primeorder",
"sha2", "sha2",
] ]
[[package]] [[package]]
name = "pbkdf2" name = "pbkdf2"
version = "0.11.0" version = "0.12.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "83a0692ec44e4cf1ef28ca317f14f8f07da2d95ec3fa01f86e4467b725e60917" checksum = "f0ca0b5a68607598bf3bad68f32227a8164f6254833f84eafaac409cd6746c31"
dependencies = [ dependencies = [
"digest", "digest",
"hmac",
] ]
[[package]] [[package]]
@@ -769,18 +772,18 @@ dependencies = [
[[package]] [[package]]
name = "pem-rfc7468" name = "pem-rfc7468"
version = "0.6.0" version = "0.7.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "24d159833a9105500e0398934e205e0773f0b27529557134ecfc51c27646adac" checksum = "88b39c9bfcfc231068454382784bb460aae594343fb030d46e9f50a645418412"
dependencies = [ dependencies = [
"base64ct", "base64ct",
] ]
[[package]] [[package]]
name = "pkcs1" name = "pkcs1"
version = "0.4.1" version = "0.7.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "eff33bdbdfc54cc98a2eca766ebdec3e1b8fb7387523d5c9c9a2891da856f719" checksum = "178ba28ece1961eafdff1991bd1744c29564cbab5d803f3ccb4a4895a6c550a7"
dependencies = [ dependencies = [
"der", "der",
"pkcs8", "pkcs8",
@@ -790,9 +793,9 @@ dependencies = [
[[package]] [[package]]
name = "pkcs8" name = "pkcs8"
version = "0.9.0" version = "0.10.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9eca2c590a5f85da82668fa685c09ce2888b9430e83299debf1f34b65fd4a4ba" checksum = "3d2820d87d2b008616e5c27212dd9e0e694fb4c6b522de06094106813328cb49"
dependencies = [ dependencies = [
"der", "der",
"spki", "spki",
@@ -810,6 +813,15 @@ version = "0.2.17"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de"
[[package]]
name = "primeorder"
version = "0.13.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7613fdcc0831c10060fa69833ea8fa2caa94b6456f51e25356a885b530a2e3d0"
dependencies = [
"elliptic-curve",
]
[[package]] [[package]]
name = "proc-macro-error" name = "proc-macro-error"
version = "1.0.4" version = "1.0.4"
@@ -901,20 +913,19 @@ checksum = "456c603be3e8d448b072f410900c09faf164fbce2d480456f50eea6e25f9c848"
[[package]] [[package]]
name = "rfc6979" name = "rfc6979"
version = "0.3.1" version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7743f17af12fa0b03b803ba12cd6a8d9483a587e89c69445e3909655c0b9fabb" checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2"
dependencies = [ dependencies = [
"crypto-bigint",
"hmac", "hmac",
"zeroize", "subtle",
] ]
[[package]] [[package]]
name = "rsa" name = "rsa"
version = "0.7.2" version = "0.9.0-pre.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "094052d5470cbcef561cb848a7209968c9f12dfa6d668f4bca048ac5de51099c" checksum = "a7bc1d34159d63536b4d89944e9ab5bb952f45db6fa0b8b03c2f8c09fb5b7171"
dependencies = [ dependencies = [
"byteorder", "byteorder",
"digest", "digest",
@@ -926,7 +937,6 @@ dependencies = [
"pkcs8", "pkcs8",
"rand_core", "rand_core",
"signature", "signature",
"smallvec",
"subtle", "subtle",
"zeroize", "zeroize",
] ]
@@ -962,9 +972,9 @@ checksum = "ddccb15bcce173023b3fedd9436f882a0739b8dfb45e4f6b6002bee5929f61b2"
[[package]] [[package]]
name = "sec1" name = "sec1"
version = "0.3.0" version = "0.7.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3be24c1842290c45df0a7bf069e0c268a747ad05a192f2fd7dcfdbc1cba40928" checksum = "48518a2b5775ba8ca5b46596aae011caa431e6ce7e4a67ead66d92f08884220e"
dependencies = [ dependencies = [
"base16ct", "base16ct",
"der", "der",
@@ -1013,9 +1023,9 @@ dependencies = [
[[package]] [[package]]
name = "signature" name = "signature"
version = "1.6.4" version = "2.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "74233d3b3b2f6d4b006dc19dee745e73e2a6bfb6f93607cd3b02bd5b00797d7c" checksum = "8fe458c98333f9c8152221191a77e2a44e8325d0193484af2e9421a53019e57d"
dependencies = [ dependencies = [
"digest", "digest",
"rand_core", "rand_core",
@@ -1035,9 +1045,9 @@ checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d"
[[package]] [[package]]
name = "spki" name = "spki"
version = "0.6.0" version = "0.7.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "67cf02bbac7a337dc36e4f5a693db6c21e7863f45070f7064577eb4367a3212b" checksum = "c0445c905640145c7ea8c1993555957f65e7c46d0535b91ba501bc9bfc85522f"
dependencies = [ dependencies = [
"base64ct", "base64ct",
"der", "der",
+8 -9
View File
@@ -14,7 +14,7 @@ readme = "README.md"
categories = ["api-bindings", "authentication", "cryptography", "hardware-support"] categories = ["api-bindings", "authentication", "cryptography", "hardware-support"]
keywords = ["ecdsa", "encryption", "rsa", "piv", "signature"] keywords = ["ecdsa", "encryption", "rsa", "piv", "signature"]
edition = "2021" edition = "2021"
rust-version = "1.60" rust-version = "1.65"
[workspace] [workspace]
members = [".", "cli"] members = [".", "cli"]
@@ -24,20 +24,20 @@ chrono = "0.4.23"
cookie-factory = "0.3" cookie-factory = "0.3"
der-parser = "8" der-parser = "8"
des = "0.8" des = "0.8"
elliptic-curve = "0.12" elliptic-curve = "0.13"
hex = { package = "base16ct", version = "0.1", features = ["alloc"] } hex = { package = "base16ct", version = "0.2", features = ["alloc"] }
hmac = "0.12" hmac = "0.12"
log = "0.4" log = "0.4"
nom = "7" nom = "7"
num-bigint-dig = { version = "0.8", features = ["rand"] } num-bigint-dig = { version = "0.8", features = ["rand"] }
num-traits = "0.2" num-traits = "0.2"
num-integer = "0.1" num-integer = "0.1"
pbkdf2 = { version = "0.11", default-features = false } p256 = "0.13"
p256 = "0.11" p384 = "0.13"
p384 = "0.11" pbkdf2 = { version = "0.12", default-features = false, features = ["hmac"] }
pcsc = "2.3.1" pcsc = "2.3.1"
rand_core = { version = "0.6", features = ["std"] } rand_core = { version = "0.6", features = ["std"] }
rsa = "0.7" rsa = "=0.9.0-pre.0"
secrecy = "0.8" secrecy = "0.8"
sha1 = { version = "0.10", features = ["oid"] } sha1 = { version = "0.10", features = ["oid"] }
sha2 = { version = "0.10", features = ["oid"] } sha2 = { version = "0.10", features = ["oid"] }
@@ -50,8 +50,7 @@ zeroize = "1"
[dev-dependencies] [dev-dependencies]
env_logger = "0.10" env_logger = "0.10"
once_cell = "1" once_cell = "1"
rsa = { version = "0.7.1", features = ["hazmat"] } signature = "2"
signature = { version = "1.6.4", features = ["hazmat-preview"] }
[features] [features]
untested = [] untested = []
+1 -1
View File
@@ -214,7 +214,7 @@ or conditions.
[docs-link]: https://docs.rs/yubikey/ [docs-link]: https://docs.rs/yubikey/
[license-image]: https://img.shields.io/badge/license-BSD-blue.svg [license-image]: https://img.shields.io/badge/license-BSD-blue.svg
[license-link]: https://github.com/iqlusioninc/yubikey.rs/blob/main/COPYING [license-link]: https://github.com/iqlusioninc/yubikey.rs/blob/main/COPYING
[msrv-image]: https://img.shields.io/badge/rustc-1.60+-blue.svg [msrv-image]: https://img.shields.io/badge/rustc-1.65+-blue.svg
[safety-image]: https://img.shields.io/badge/unsafe-forbidden-success.svg [safety-image]: https://img.shields.io/badge/unsafe-forbidden-success.svg
[safety-link]: https://github.com/rust-secure-code/safety-dance/ [safety-link]: https://github.com/rust-secure-code/safety-dance/
[build-image]: https://github.com/iqlusioninc/yubikey.rs/workflows/CI/badge.svg?branch=main&event=push [build-image]: https://github.com/iqlusioninc/yubikey.rs/workflows/CI/badge.svg?branch=main&event=push
+1 -1
View File
@@ -17,7 +17,7 @@ rust-version = "1.56"
[dependencies] [dependencies]
clap = { version = "4", features = ["derive"] } clap = { version = "4", features = ["derive"] }
env_logger = "0.10" env_logger = "0.10"
hex = { package = "base16ct", version = "0.1", features = ["alloc"] } hex = { package = "base16ct", version = "0.2", features = ["alloc"] }
log = "0.4" log = "0.4"
once_cell = "1" once_cell = "1"
sha2 = "0.10" sha2 = "0.10"
+2 -2
View File
@@ -46,7 +46,7 @@ use des::{
TdesEde3, TdesEde3,
}; };
#[cfg(feature = "untested")] #[cfg(feature = "untested")]
use {hmac::Hmac, pbkdf2::pbkdf2, sha1::Sha1}; use {pbkdf2::pbkdf2_hmac, sha1::Sha1};
/// YubiKey MGMT Applet Name /// YubiKey MGMT Applet Name
#[cfg(feature = "untested")] #[cfg(feature = "untested")]
@@ -147,7 +147,7 @@ impl MgmKey {
} }
let mut mgm = [0u8; DES_LEN_3DES]; let mut mgm = [0u8; DES_LEN_3DES];
pbkdf2::<Hmac<Sha1>>(pin, salt, ITER_MGM_PBKDF2, &mut mgm); pbkdf2_hmac::<Sha1>(pin, salt, ITER_MGM_PBKDF2, &mut mgm);
MgmKey::from_bytes(mgm) MgmKey::from_bytes(mgm)
} }
+2 -2
View File
@@ -8,7 +8,7 @@ use once_cell::sync::Lazy;
use rand_core::{OsRng, RngCore}; use rand_core::{OsRng, RngCore};
use rsa::pkcs1v15; use rsa::pkcs1v15;
use sha2::{Digest, Sha256}; use sha2::{Digest, Sha256};
use signature::{hazmat::PrehashVerifier, Signature as _}; use signature::hazmat::PrehashVerifier;
use std::{env, str::FromStr, sync::Mutex}; use std::{env, str::FromStr, sync::Mutex};
use x509::RelativeDistinguishedName; use x509::RelativeDistinguishedName;
use yubikey::{ use yubikey::{
@@ -203,7 +203,7 @@ fn generate_self_signed_rsa_cert() {
let data = cert.as_ref(); let data = cert.as_ref();
let tbs_cert_len = u16::from_be_bytes(data[6..8].try_into().unwrap()) as usize; let tbs_cert_len = u16::from_be_bytes(data[6..8].try_into().unwrap()) as usize;
let msg = &data[4..8 + tbs_cert_len]; let msg = &data[4..8 + tbs_cert_len];
let sig = pkcs1v15::Signature::from_bytes(&data[data.len() - 128..]).unwrap(); let sig = pkcs1v15::Signature::try_from(&data[data.len() - 128..]).unwrap();
let hash = Sha256::digest(msg); let hash = Sha256::digest(msg);
assert!(pubkey.verify_prehash(&hash, &sig).is_ok()); assert!(pubkey.verify_prehash(&hash, &sig).is_ok());