Migrate to current pre-release revisions of dependencies (#583)

The CHANGELOG lists the specific versions currently pinned; it will
be modified to instead reference the public releases once they exist
and this crate uses them.
Jack Grigg
2025-01-02 19:39:52 +00:00
committed by GitHub
parent 32cd92af50
commit 626ac3bffd
9 changed files with 193 additions and 136 deletions
+45 -18
@@ -41,8 +41,8 @@ use crate::{
};
use log::error;
use x509_cert::{
builder::{Builder, CertificateBuilder, Profile},
der::{self, referenced::OwnedToRef, Decode, Encode},
builder::{profile::BuilderProfile, Builder, CertificateBuilder},
der::{referenced::OwnedToRef, Decode, Encode},
name::Name,
serial_number::SerialNumber,
spki::{SubjectPublicKeyInfoOwned, SubjectPublicKeyInfoRef},
@@ -109,23 +109,18 @@ impl Certificate {
extensions: F,
) -> Result<Self>
where
F: FnOnce(&mut CertificateBuilder<'_, yubikey_signer::Signer<'_, KT>>) -> der::Result<()>,
F: FnOnce(&mut CertificateBuilder<SelfSigned>) -> der::Result<()>,
{
let signer = yubikey_signer::Signer::new(yubikey, key, subject_pki.owned_to_ref())?;
let mut builder = CertificateBuilder::new(
Profile::Manual { issuer: None },
serial,
validity,
subject,
subject_pki,
&signer,
)
.map_err(|_| Error::KeyError)?;
let signer =
yubikey_signer::Signer::<'_, KT>::new(yubikey, key, subject_pki.owned_to_ref())?;
let mut builder =
CertificateBuilder::new(SelfSigned { subject }, serial, validity, subject_pki)
.map_err(|_| Error::KeyError)?;
// Add custom extensions
extensions(&mut builder)?;
let cert = builder.build().map_err(|_| Error::KeyError)?;
let cert = builder.build(&signer).map_err(|_| Error::KeyError)?;
let cert = Self { cert };
cert.write(yubikey, key, CertInfo::Uncompressed)?;
@@ -174,23 +169,55 @@ impl Certificate {
/// Returns the Issuer field of the certificate.
pub fn issuer(&self) -> String {
self.cert.tbs_certificate.issuer.to_string()
self.cert.tbs_certificate().issuer().to_string()
}
/// Returns the SubjectName field of the certificate.
pub fn subject(&self) -> String {
self.cert.tbs_certificate.subject.to_string()
self.cert.tbs_certificate().subject().to_string()
}
/// Returns the SubjectPublicKeyInfo field of the certificate.
pub fn subject_pki(&self) -> SubjectPublicKeyInfoRef<'_> {
self.cert
.tbs_certificate
.subject_public_key_info
.tbs_certificate()
.subject_public_key_info()
.owned_to_ref()
}
}
/// A [`BuilderProfile`] for self-signed certificates.
///
/// This profile has no default extensions.
pub struct SelfSigned {
subject: Name,
}
impl BuilderProfile for SelfSigned {
fn get_issuer(&self, subject: &Name) -> Name {
// RFC 5280 Section 3.2:
//
// > Self-issued certificates are CA certificates in which the issuer and subject
// > are the same entity. [..] Self-signed certificates are self-issued
// > certificates where the digital signature may be verified by the public key
// > bound into the certificate.
subject.clone()
}
fn get_subject(&self) -> Name {
self.subject.clone()
}
fn build_extensions(
&self,
_spk: SubjectPublicKeyInfoRef<'_>,
_issuer_spk: SubjectPublicKeyInfoRef<'_>,
_tbs: &x509_cert::TbsCertificate,
) -> x509_cert::builder::Result<Vec<x509_cert::ext::Extension>> {
Ok(vec![])
}
}
/// Read certificate
pub(crate) fn read_certificate(txn: &Transaction<'_>, slot: SlotId) -> Result<Buffer> {
let object_id = slot.object_id();
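Review bot: In the first hunk, the new builder calls `CertificateBuilder::new(SelfSigned { subject }, serial, validity, subject_pki).map_err(|_| Error::KeyError)?` and `builder.build(&signer).map_err(|_| Error::KeyError)?` still collapse every builder failure into `Error::KeyError`, even though this same commit adds `Error::CertificateBuilder` and `impl From<x509_cert::builder::Error> for Error` in the error module, so the new variant is never produced and the error type discarded here is exactly the one the `From` impl was written for. If those calls return `x509_cert::builder::Error` (the profile's `build_extensions` uses `x509_cert::builder::Result`, so that seems likely), a plain `?` routes them correctly: `CertificateBuilder::new(SelfSigned { subject }, serial, validity, subject_pki)?;` and `let cert = builder.build(&signer)?;`. The enclosing function's signature starts above that hunk. Separately, `SelfSigned`'s doc quotes RFC 5280's "self-issued certificates are CA certificates", yet `build_extensions` returns `Ok(vec![])`, so a caller that passes an empty `extensions` closure gets a certificate with neither basicConstraints nor keyUsage; the struct doc should state that callers are responsible for adding whatever CA and key-usage extensions their use requires, e.g. `/// Callers must add basicConstraints/keyUsage themselves via the extensions callback.`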
+10
@@ -57,6 +57,9 @@ pub enum Error {
/// Authentication error
AuthenticationError,
/// Error while building a certificate
CertificateBuilder,
/// Generic error
GenericError,
@@ -136,6 +139,7 @@ impl Error {
}
Error::ArgumentError => f.write_str("argument error"),
Error::AuthenticationError => f.write_str("authentication error"),
Error::CertificateBuilder => f.write_str("certificate builder error"),
Error::GenericError => f.write_str("generic error"),
Error::InvalidObject => f.write_str("invalid object"),
Error::KeyError => f.write_str("key error"),
@@ -197,3 +201,9 @@ impl From<der::Error> for Error {
Error::ParseError
}
}
impl From<x509_cert::builder::Error> for Error {
fn from(_err: x509_cert::builder::Error) -> Error {
Error::CertificateBuilder
}
}
+3 -5
@@ -42,7 +42,7 @@ use crate::{
yubikey::YubiKey,
};
use des::{
cipher::{generic_array::GenericArray, BlockDecrypt, BlockEncrypt, KeyInit},
cipher::{BlockCipherDecrypt, BlockCipherEncrypt, KeyInit},
TdesEde3,
};
#[cfg(feature = "untested")]
@@ -314,16 +314,14 @@ impl MgmKey {
/// Encrypt with 3DES key
pub(crate) fn encrypt(&self, input: &[u8; DES_LEN_DES]) -> [u8; DES_LEN_DES] {
let mut output = input.to_owned();
TdesEde3::new(GenericArray::from_slice(&self.0))
.encrypt_block(GenericArray::from_mut_slice(&mut output));
TdesEde3::new(&self.0.into()).encrypt_block((&mut output).into());
output
}
/// Decrypt with 3DES key
pub(crate) fn decrypt(&self, input: &[u8; DES_LEN_DES]) -> [u8; DES_LEN_DES] {
let mut output = input.to_owned();
TdesEde3::new(GenericArray::from_slice(&self.0))
.decrypt_block(GenericArray::from_mut_slice(&mut output));
TdesEde3::new(&self.0.into()).decrypt_block((&mut output).into());
output
}
}
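Review bot: `TdesEde3::new(&self.0.into())` in both `encrypt` and `decrypt` now copies the management key into a temporary `Key<TdesEde3>` on the stack before the cipher is built, where the old `GenericArray::from_slice(&self.0)` only borrowed it; neither that temporary nor the cipher's expanded round keys are zeroized on drop unless the `des` crate's `zeroize` feature is enabled. The crate already wraps PIN material in `Zeroizing` (the transaction hunk in this commit), so presumably the MGM key is meant to get the same hygiene; if `MgmKey` is zeroized on drop, this copy escapes it. A borrowing form such as `TdesEde3::new_from_slice(&self.0).expect("MGM key has the 3DES key length")` avoids the extra copy, and enabling `des/zeroize` covers the cipher state itself. This assumes `self.0` is a fixed-size key array; its definition is outside the hunk.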
+1 -1
@@ -183,7 +183,7 @@ impl<'tx> Transaction<'tx> {
if !pin.is_empty() {
let mut data = Zeroizing::new([0xff; CB_PIN_MAX]);
data[0..pin.len()].copy_from_slice(pin);
query.data(data.as_ref());
query.data(data.as_slice());
}
let response = query.transmit(self, 261)?;