diff --git a/Cargo.lock b/Cargo.lock index 94ca9c2..8b61d46 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -101,6 +101,12 @@ version = "0.6.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9d6f2aa4d0537bcc1c74df8755072bd31c1ef1a3a1b85a68e8404a8c353b7b8b" +[[package]] +name = "const-oid" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e4c78c047431fee22c1a7bb92e00ad095a02a983affe4d8a72e2a2c62c1b94f3" + [[package]] name = "cookie-factory" version = "0.3.2" @@ -121,6 +127,17 @@ name = "crypto-bigint" version = "0.2.11" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f83bd3bb4314701c568e340cd8cf78c975aa0ca79e03d3f6d1677d5b0c9c0c03" +dependencies = [ + "generic-array", + "rand_core", + "subtle", +] + +[[package]] +name = "crypto-bigint" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "03c6a1d5fa1de37e071642dfa44ec552ca5b299adb128fab16138e24b548fd21" dependencies = [ "generic-array", "rand_core", @@ -150,8 +167,17 @@ version = "0.4.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "79b71cca7d95d7681a4b3b9cdf63c8dbc3730d0584c2c74e31416d64a90493f4" dependencies = [ - "const-oid", - "crypto-bigint", + "const-oid 0.6.2", + "crypto-bigint 0.2.11", +] + +[[package]] +name = "der" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6919815d73839e7ad218de758883aae3a257ba6759ce7a9992501efbb53d705c" +dependencies = [ + "const-oid 0.7.1", ] [[package]] @@ -200,28 +226,29 @@ dependencies = [ [[package]] name = "ecdsa" -version = "0.12.4" +version = "0.13.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "43ee23aa5b4f68c7a092b5c3beb25f50c406adc75e2363634f242f28ab255372" +checksum = "d0d69ae62e0ce582d56380743515fefaf1a8c70cec685d9677636d7e30ae9dc9" dependencies = [ - "der", + "der 0.5.1", "elliptic-curve", - "hmac", + "rfc6979", "signature", ] [[package]] name = "elliptic-curve" -version = "0.10.6" +version = "0.11.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "beca177dcb8eb540133e7680baff45e7cc4d93bf22002676cec549f82343721b" +checksum = "5fcbfdf46fd1157b49be0c2170bab2784ca19233b35c2dc772d60247b72f2071" dependencies = [ - "crypto-bigint", + "crypto-bigint 0.3.2", + "der 0.5.1", "ff", "generic-array", "group", - "pkcs8", "rand_core", + "sec1", "subtle", "zeroize", ] @@ -241,9 +268,9 @@ dependencies = [ [[package]] name = "ff" -version = "0.10.1" +version = "0.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d0f40b2dcd8bc322217a5f6559ae5f9e9d1de202a2ecee2e9eafcbece7562a4f" +checksum = "b2958d04124b9f27f175eaeb9a9f383d026098aa837eadd8ba22c11f13a05b9e" dependencies = [ "rand_core", "subtle", @@ -272,9 +299,9 @@ dependencies = [ [[package]] name = "group" -version = "0.10.0" +version = "0.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1c363a5301b8f153d80747126a04b3c82073b9fe3130571a9d170cacdeaf7912" +checksum = "bc5ac374b108929de78460075f3dc439fa66df9d8fc77e8f12caa5165fcf0c89" dependencies = [ "ff", "rand_core", @@ -457,22 +484,24 @@ checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" [[package]] name = "p256" -version = "0.9.0" +version = "0.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d053368e1bae4c8a672953397bd1bd7183dde1c72b0b7612a15719173148d186" +checksum = "19736d80675fbe9fe33426268150b951a3fb8f5cfca2a23a17c85ef3adb24e3b" dependencies = [ "ecdsa", "elliptic-curve", + "sec1", "sha2", ] [[package]] name = "p384" -version = "0.8.0" +version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f23bc88c404ccc881c8a1ad62ba5cd7d336a64ecbf46de4874f2ad955f67b157" +checksum = "755d8266e41f57bd8562ed9b6e93cdcf73ead050e1e8c3a27ea3871b6643a20c" dependencies = [ "elliptic-curve", + "sec1", ] [[package]] @@ -518,7 +547,7 @@ version = "0.2.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "116bee8279d783c0cf370efa1a94632f2108e5ef0bb32df31f051647810a4e2c" dependencies = [ - "der", + "der 0.4.5", "pem-rfc7468", "zeroize", ] @@ -529,10 +558,21 @@ version = "0.7.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ee3ef9b64d26bad0536099c816c6734379e45bbd5f14798def6809e5cc350447" dependencies = [ - "der", + "der 0.4.5", "pem-rfc7468", "pkcs1", - "spki", + "spki 0.4.1", + "zeroize", +] + +[[package]] +name = "pkcs8" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7cabda3fb821068a9a4fab19a683eac3af12edf0f34b94a8be53c4972b8149d0" +dependencies = [ + "der 0.5.1", + "spki 0.5.4", "zeroize", ] @@ -623,6 +663,17 @@ version = "0.6.25" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f497285884f3fcff424ffc933e56d7cbca511def0c9831a7f9b5f6153e3cc89b" +[[package]] +name = "rfc6979" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "96ef608575f6392792f9ecf7890c00086591d29a83910939d430753f7c050525" +dependencies = [ + "crypto-bigint 0.3.2", + "hmac", + "zeroize", +] + [[package]] name = "rsa" version = "0.5.0" @@ -637,7 +688,7 @@ dependencies = [ "num-iter", "num-traits", "pkcs1", - "pkcs8", + "pkcs8 0.7.6", "rand", "subtle", "zeroize", @@ -652,6 +703,19 @@ dependencies = [ "nom", ] +[[package]] +name = "sec1" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "08da66b8b0965a5555b6bd6639e68ccba85e1e2506f5fbb089e93f8a04e1a2d1" +dependencies = [ + "der 0.5.1", + "generic-array", + "pkcs8 0.8.0", + "subtle", + "zeroize", +] + [[package]] name = "secrecy" version = "0.8.0" @@ -721,7 +785,17 @@ version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5c01a0c15da1b0b0e1494112e7af814a678fec9bd157881b49beac661e9b6f32" dependencies = [ - "der", + "der 0.4.5", +] + +[[package]] +name = "spki" +version = "0.5.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "44d01ac02a6ccf3e07db148d2be087da624fea0221a16152ed01f0496a6b0a27" +dependencies = [ + "base64ct", + "der 0.5.1", ] [[package]] diff --git a/Cargo.toml b/Cargo.toml index 49d7c1b..88934f9 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -24,7 +24,7 @@ chrono = "0.4" cookie-factory = "0.3" der-parser = "6" des = "0.7" -elliptic-curve = "0.10" +elliptic-curve = "0.11" hmac = "0.11" log = "0.4" nom = "7" @@ -32,8 +32,8 @@ num-bigint-dig = { version = "0.7", features = ["rand"] } num-traits = "0.2" num-integer = "0.1" pbkdf2 = { version = "0.9", default-features = false } -p256 = "0.9" -p384 = "0.8" +p256 = "0.10" +p384 = "0.9" pcsc = "2" rand_core = { version = "0.6", features = ["std"] } rsa = "0.5" diff --git a/src/certificate.rs b/src/certificate.rs index da69ea2..7dc1332 100644 --- a/src/certificate.rs +++ b/src/certificate.rs @@ -210,10 +210,10 @@ impl PublicKeyInfo { .ok_or(Error::InvalidObject)?; match read_pki::ec_parameters(algorithm_parameters)? { - AlgorithmId::EccP256 => EcPublicKey::from_bytes(key_bytes) + AlgorithmId::EccP256 => EcPublicKey::::from_bytes(key_bytes) .map(PublicKeyInfo::EcP256) .map_err(|_| Error::InvalidObject), - AlgorithmId::EccP384 => EcPublicKey::from_bytes(key_bytes) + AlgorithmId::EccP384 => EcPublicKey::::from_bytes(key_bytes) .map(PublicKeyInfo::EcP384) .map_err(|_| Error::InvalidObject), _ => Err(Error::AlgorithmError), diff --git a/src/piv.rs b/src/piv.rs index 182cfb4..e64f103 100644 --- a/src/piv.rs +++ b/src/piv.rs @@ -54,6 +54,8 @@ use crate::{ }; use elliptic_curve::sec1::EncodedPoint as EcPublicKey; use log::{debug, error, warn}; +use p256::NistP256; +use p384::NistP384; use rsa::{BigUint, RsaPublicKey}; use std::str::FromStr; @@ -657,10 +659,14 @@ pub fn generate( let point = tlv.value.to_vec(); - if let AlgorithmId::EccP256 = algorithm { - EcPublicKey::from_bytes(point).map(PublicKeyInfo::EcP256) - } else { - EcPublicKey::from_bytes(point).map(PublicKeyInfo::EcP384) + match algorithm { + AlgorithmId::EccP256 => { + EcPublicKey::::from_bytes(point).map(PublicKeyInfo::EcP256) + } + AlgorithmId::EccP384 => { + EcPublicKey::::from_bytes(point).map(PublicKeyInfo::EcP384) + } + _ => return Err(Error::AlgorithmError), } .map_err(|_| Error::InvalidObject) }