From 95babac2d4cbb6113a414de908a1c560fb52fbe3 Mon Sep 17 00:00:00 2001 From: "Tony Arcieri (iqlusion)" Date: Thu, 2 Apr 2026 13:35:37 -0600 Subject: [PATCH] Upgrade dependencies; bump version to v0.9.0-pre (#665) Note: this is not a release, but bumping the version to reflect breaking changes that have not yet been released. The following dependencies have been upgraded to new stable releases: - `cipher` v0.5 - `der` v0.8 - `sha1` v0.11 - `sha2` v0.11 - `rand(_core)` v0.10 The following dependencies are prereleases which have been upgraded from older prerelease versions: - `aes` v0.9.0-rc.4 - `curve25519-dalek` 5.0.0-pre.6 - `des` v0.9.0-rc.3 - `ecdsa` v0.17.0-rc.16 - `ed25519-dalek` v3.0.0-pre.6 - `elliptic-curve` v0.14.0-rc.29 - `p256` v0.14.0-rc.8 - `p384` v0.14.0-rc.8 - `pbkdf2` v0.13.0-rc.10 - `rsa` v0.10.0-rc.17 - `signature` v3.0.0-rc.10 - `x25519-dalek` v3.0.0-pre.6 --- Cargo.lock | 573 ++++++++++++++++++++++++++++++------------- Cargo.toml | 41 ++-- README.md | 19 +- cli/Cargo.toml | 6 +- cli/README.md | 6 +- src/cccid.rs | 14 +- src/mgm.rs | 13 +- src/piv.rs | 2 +- src/setting.rs | 9 +- src/yubikey.rs | 21 +- tests/integration.rs | 8 +- 11 files changed, 466 insertions(+), 246 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 1affb2c..bbd51fc 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4,13 +4,13 @@ version = 3 [[package]] name = "aes" -version = "0.9.0-rc.1" +version = "0.9.0-rc.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7e713c57c2a2b19159e7be83b9194600d7e8eb3b7c2cd67e671adf47ce189a05" +checksum = "04097e08a47d9ad181c2e1f4a5fabc9ae06ce8839a333ba9a949bcb0d31fd2a3" dependencies = [ - "cfg-if", "cipher", - "cpufeatures", + "cpubits", + "cpufeatures 0.2.17", "zeroize", ] @@ -72,6 +72,12 @@ dependencies = [ "windows-sys 0.59.0", ] +[[package]] +name = "anyhow" +version = "1.0.102" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f202df86484c868dbad7eaa557ef785d5c66295e41b460ef922eca0723b842c" + [[package]] name = "autocfg" version = "1.1.0" @@ -90,6 +96,12 @@ version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d8b59d472eab27ade8d770dcb11da7201c11234bef9f82ce7aa517be028d462b" +[[package]] +name = "base16ct" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fd307490d624467aa6f74b0eabb77633d1f758a7b25f12bceb0b22e08d9726f6" + [[package]] name = "base64ct" version = "1.6.0" @@ -110,9 +122,9 @@ checksum = "cf4b9d6a944f767f8e5e0db018570623c85f3d925ac718db4e06d0187adb21c1" [[package]] name = "block-buffer" -version = "0.11.0-rc.5" +version = "0.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e9ef36a6fcdb072aa548f3da057640ec10859eb4e91ddf526ee648d50c76a949" +checksum = "cdd35008169921d80bc60d3d0ab416eecb028c4cd653352907921d95084790be" dependencies = [ "hybrid-array", ] @@ -124,10 +136,21 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] -name = "cipher" -version = "0.5.0-rc.1" +name = "chacha20" +version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1e12a13eb01ded5d32ee9658d94f553a19e804204f2dc811df69ab4d9e0cb8c7" +checksum = "6f8d983286843e49675a4b7a2d174efe136dc93a18d69130dd18198a6c167601" +dependencies = [ + "cfg-if", + "cpufeatures 0.3.0", + "rand_core", +] + +[[package]] +name = "cipher" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e34d8227fe1ba289043aeb13792056ff80fd6de1a9f49137a5f499de8e8c78ea" dependencies = [ "crypto-common", "inout", @@ -173,6 +196,12 @@ version = "0.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f46ad14479a25103f283c0f10005961cf086d8dc42205bb44c46ac563475dca6" +[[package]] +name = "cmov" +version = "0.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3f88a43d011fc4a6876cb7344703e297c71dda42494fee094d5f7c76bf13f746" + [[package]] name = "colorchoice" version = "1.0.0" @@ -185,6 +214,12 @@ version = "0.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0dabb6555f92fb9ee4140454eb5dcd14c7960e1225c6d1a6cc361f032947713e" +[[package]] +name = "cpubits" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5ef0c543070d296ea414df2dd7625d1b24866ce206709d8a4a424f28377f5861" + [[package]] name = "cpufeatures" version = "0.2.17" @@ -195,11 +230,23 @@ dependencies = [ ] [[package]] -name = "crypto-bigint" -version = "0.7.0-rc.6" +name = "cpufeatures" +version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f2966eb7f877e5cdac7e808e71010d0bef6321d58b8e58bf01b8bbbe44f77ea0" +checksum = "8b2a41393f66f16b0823bb79094d54ac5fbd34ab292ddafb9a0456ac9f87d201" dependencies = [ + "libc", +] + +[[package]] +name = "crypto-bigint" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42a0d26b245348befa0c121944541476763dcc46ede886c88f9d12e1697d27c3" +dependencies = [ + "cpubits", + "ctutils", + "getrandom 0.4.2", "hybrid-array", "num-traits", "rand_core", @@ -210,19 +257,20 @@ dependencies = [ [[package]] name = "crypto-common" -version = "0.2.0-rc.4" +version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6a8235645834fbc6832939736ce2f2d08192652269e11010a6240f61b908a1c6" +checksum = "77727bb15fa921304124b128af125e7e3b968275d1b108b379190264f4423710" dependencies = [ + "getrandom 0.4.2", "hybrid-array", "rand_core", ] [[package]] name = "crypto-primes" -version = "0.7.0-pre.3" +version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25f2523fbb68811c8710829417ad488086720a6349e337c38d12fa81e09e50bf" +checksum = "21f41f23de7d24cdbda7f0c4d9c0351f99a4ceb258ef30e5c1927af8987ffe5a" dependencies = [ "crypto-bigint", "libm", @@ -230,13 +278,23 @@ dependencies = [ ] [[package]] -name = "curve25519-dalek" -version = "5.0.0-pre.1" +name = "ctutils" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6f9200d1d13637f15a6acb71e758f64624048d85b31a5fdbfd8eca1e2687d0b7" +checksum = "66270f854fb5b25a21ffc0ee8c214c309ef1ce60988e448f6433a0b4736d2609" +dependencies = [ + "cmov", + "subtle", +] + +[[package]] +name = "curve25519-dalek" +version = "5.0.0-pre.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "335f1947f241137a14106b6f5acc5918a5ede29c9d71d3f2cb1678d5075d9fc3" dependencies = [ "cfg-if", - "cpufeatures", + "cpufeatures 0.2.17", "curve25519-dalek-derive", "digest", "fiat-crypto", @@ -258,9 +316,9 @@ dependencies = [ [[package]] name = "der" -version = "0.8.0-rc.9" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e9d8dd2f26c86b27a2a8ea2767ec7f9df7a89516e4794e54ac01ee618dda3aa4" +checksum = "71fd89660b2dc699704064e59e9dba0147b903e85319429e131620d022be411b" dependencies = [ "const-oid", "der_derive", @@ -271,9 +329,9 @@ dependencies = [ [[package]] name = "der_derive" -version = "0.8.0-rc.6" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "be645fee2afe89d293b96c19e4456e6ac69520fc9c6b8a58298550138e361ffe" +checksum = "59600e2c2d636fde9b65e99cc6445ac770c63d3628195ff39932b8d6d7409903" dependencies = [ "proc-macro2", "quote", @@ -282,30 +340,30 @@ dependencies = [ [[package]] name = "des" -version = "0.9.0-rc.1" +version = "0.9.0-rc.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3f51594a70805988feb1c85495ddec0c2052e4fbe59d9c0bb7f94bfc164f4f90" +checksum = "3214053e68a813b9c06ef61075c844f3a1cdeb307d8998ea8555c063caa52fa9" dependencies = [ "cipher", ] [[package]] name = "digest" -version = "0.11.0-rc.1" +version = "0.11.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3a4aae35a0fcbe22ff1be50fe96df72002d5a4a6fb4aae9193cf2da0daa36da2" +checksum = "4850db49bf08e663084f7fb5c87d202ef91a3907271aff24a94eb97ff039153c" dependencies = [ "block-buffer", "const-oid", "crypto-common", - "subtle", + "ctutils", ] [[package]] name = "ecdsa" -version = "0.17.0-rc.7" +version = "0.17.0-rc.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b4ab355ec063f7a110eb627471058093aba00eb7f4e70afbd15e696b79d1077b" +checksum = "91bbdd377139884fafcad8dc43a760a3e1e681aa26db910257fa6535b70e1829" dependencies = [ "der", "digest", @@ -318,9 +376,9 @@ dependencies = [ [[package]] name = "ed25519" -version = "3.0.0-rc.1" +version = "3.0.0-rc.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9ef49c0b20c0ad088893ad2a790a29c06a012b3f05bcfc66661fd22a94b32129" +checksum = "c6e914c7c52decb085cea910552e24c63ac019e3ab8bf001ff736da9a9d9d890" dependencies = [ "pkcs8", "signature", @@ -328,9 +386,9 @@ dependencies = [ [[package]] name = "ed25519-dalek" -version = "3.0.0-pre.1" +version = "3.0.0-pre.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ad207ed88a133091f83224265eac21109930db09bedcad05d5252f2af2de20a1" +checksum = "053618a4c3d3bc24f188aa660ae75a46eeab74ef07fb415c61431e5e7cd4749b" dependencies = [ "curve25519-dalek", "ed25519", @@ -343,19 +401,21 @@ dependencies = [ [[package]] name = "elliptic-curve" -version = "0.14.0-rc.14" +version = "0.14.0-rc.29" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6ae7ba52b8bca06caab3e74b7cf8858a2934e6e75d80b03dbe48d2d394a4489c" +checksum = "e84043d573efd4ac9d2d125817979a379204bf7e328b25a4a30487e8d100e618" dependencies = [ - "base16ct 0.3.0", + "base16ct 1.0.0", "crypto-bigint", + "crypto-common", "digest", - "ff", - "group", "hybrid-array", + "once_cell", "pem-rfc7468", "pkcs8", "rand_core", + "rustcrypto-ff", + "rustcrypto-group", "sec1", "subtle", "zeroize", @@ -385,14 +445,10 @@ dependencies = [ ] [[package]] -name = "ff" -version = "0.14.0-pre.0" +name = "equivalent" +version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d42dd26f5790eda47c1a2158ea4120e32c35ddc9a7743c98a292accc01b54ef3" -dependencies = [ - "rand_core", - "subtle", -] +checksum = "877a4ace8713b0bcf2a4e7eec82529c029f1d0619886d18145fea96c3ffe5c0f" [[package]] name = "fiat-crypto" @@ -406,6 +462,12 @@ version = "0.4.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b7ac824320a75a52197e8f2d787f6a38b6718bb6897a35142d749af3c0e8f4fe" +[[package]] +name = "foldhash" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d9c4f5dac5e15c24eb999c26181a6ca40b39fe946cbe4c263c7209467bc83af2" + [[package]] name = "getrandom" version = "0.2.11" @@ -414,32 +476,38 @@ checksum = "fe9006bed769170c11f845cf00c7c1e9092aeb3f268e007c3e760ac68008070f" dependencies = [ "cfg-if", "libc", - "wasi 0.11.0+wasi-snapshot-preview1", + "wasi", ] [[package]] name = "getrandom" -version = "0.3.3" +version = "0.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "26145e563e54f2cadc477553f1ec5ee650b00862f0a58bcd12cbdc5f0ea2d2f4" +checksum = "0de51e6874e94e7bf76d726fc5d13ba782deca734ff60d5bb2fb2607c7406555" dependencies = [ "cfg-if", "libc", "r-efi", - "wasi 0.14.2+wasi-0.2.4", + "rand_core", + "wasip2", + "wasip3", ] [[package]] -name = "group" -version = "0.14.0-pre.0" +name = "hashbrown" +version = "0.15.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1ff6a0b2dd4b981b1ae9e3e6830ab146771f3660d31d57bafd9018805a91b0f1" +checksum = "9229cfe53dfd69f0609a49f65461bd93001ea1ef889cd5529dd176593f5338a1" dependencies = [ - "ff", - "rand_core", - "subtle", + "foldhash", ] +[[package]] +name = "hashbrown" +version = "0.16.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "841d1cc9bed7f9236f321df977030373f4a4163ae1a7dbfe1a51a2c1a51d9100" + [[package]] name = "heck" version = "0.5.0" @@ -448,9 +516,9 @@ checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" [[package]] name = "hmac" -version = "0.13.0-rc.1" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49e206bca159aebaaed410f5e78b2fe56bfc0dd5b19ecae922813b8556b8b07e" +checksum = "6303bc9732ae41b04cb554b844a762b4115a61bfaa81e3e83050991eeb56863f" dependencies = [ "digest", ] @@ -463,19 +531,38 @@ checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4" [[package]] name = "hybrid-array" -version = "0.4.0" +version = "0.4.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6fe39a812f039072707ce38020acbab2f769087952eddd9e2b890f37654b2349" +checksum = "3944cf8cf766b40e2a1a333ee5e9b563f854d5fa49d6a8ca2764e97c6eddb214" dependencies = [ + "subtle", "typenum", "zeroize", ] [[package]] -name = "inout" -version = "0.2.0-rc.6" +name = "id-arena" +version = "2.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1603f76010ff924b616c8f44815a42eb10fb0b93d308b41deaa8da6d4251fd4b" +checksum = "3d3067d79b975e8844ca9eb072e16b31c3c1c36928edf9c6789548c524d0d954" + +[[package]] +name = "indexmap" +version = "2.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7714e70437a7dc3ac8eb7e6f8df75fd8eb422675fc7678aff7364301092b1017" +dependencies = [ + "equivalent", + "hashbrown 0.16.1", + "serde", + "serde_core", +] + +[[package]] +name = "inout" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4250ce6452e92010fdf7268ccc5d14faa80bb12fc741938534c58f16804e03c7" dependencies = [ "hybrid-array", ] @@ -486,6 +573,18 @@ version = "1.70.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7943c866cc5cd64cbc25b2e01621d07fa8eb2a1a23160ee81ce38704e97b8ecf" +[[package]] +name = "itoa" +version = "1.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f42a60cbdf9a97f5d2305f08a87dc4e09308d1276d28c869c684d7777685682" + +[[package]] +name = "leb128fmt" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "09edd9e8b54e49e587e4f6295a7d29c3ea94d469cb40ab8ca70b288248a81db2" + [[package]] name = "libc" version = "0.2.172" @@ -530,15 +629,15 @@ dependencies = [ [[package]] name = "once_cell" -version = "1.19.0" +version = "1.21.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" +checksum = "9f7c3e4beb33f85d45ae3e3a1792185706c8e16d043238c593331cc7cd313b50" [[package]] name = "p256" -version = "0.14.0-pre.11" +version = "0.14.0-rc.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81b374901df34ee468167a58e2a49e468cb059868479cafebeb804f6b855423d" +checksum = "44f0a10fe314869359cb2901342b045f4e5a962ef9febc006f03d2a8c848fe4c" dependencies = [ "ecdsa", "elliptic-curve", @@ -549,9 +648,9 @@ dependencies = [ [[package]] name = "p384" -version = "0.14.0-pre.11" +version = "0.14.0-rc.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "701032b3730df6b882496d6cee8221de0ce4bc11ddc64e6d89784aa5b8a6de30" +checksum = "b079e66810c55ab3d6ba424e056dc4aefcdb8046c8c3f3816142edbdd7af7721" dependencies = [ "ecdsa", "elliptic-curve", @@ -563,9 +662,9 @@ dependencies = [ [[package]] name = "pbkdf2" -version = "0.13.0-rc.1" +version = "0.13.0-rc.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ca3fc18bb4460ac250ba6b75dfa7cf9d0b2273e3e623f660bd6ce2c3e902342e" +checksum = "1f24f3eb2f4471b1730d59e4b730b747939960a8c7eb0c33c5a9076f2d3dddea" dependencies = [ "digest", "hmac", @@ -592,9 +691,9 @@ dependencies = [ [[package]] name = "pem-rfc7468" -version = "1.0.0-rc.3" +version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a8e58fab693c712c0d4e88f8eb3087b6521d060bcaf76aeb20cb192d809115ba" +checksum = "a6305423e0e7738146434843d1694d621cce767262b2a86910beab705e4493d9" dependencies = [ "base64ct", ] @@ -611,9 +710,9 @@ dependencies = [ [[package]] name = "pkcs8" -version = "0.11.0-rc.7" +version = "0.11.0-rc.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "93eac55f10aceed84769df670ea4a32d2ffad7399400d41ee1c13b1cd8e1b478" +checksum = "12922b6296c06eb741b02d7b5161e3aaa22864af38dfa025a1a3ba3f68c84577" dependencies = [ "der", "spki", @@ -626,32 +725,34 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "26072860ba924cbfa98ea39c8c19b4dd6a4a25423dbdf219c1eca91aa0cf6964" [[package]] -name = "ppv-lite86" -version = "0.2.21" +name = "prettyplease" +version = "0.2.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "85eae3c4ed2f50dcfe72643da4befc30deadb458a9b590d720cde2f2b1e97da9" +checksum = "479ca8adacdd7ce8f1fb39ce9ecccbfe93a3f1344b3d0d97f20bc0196208f62b" dependencies = [ - "zerocopy", + "proc-macro2", + "syn", ] [[package]] name = "primefield" -version = "0.14.0-pre.6" +version = "0.14.0-rc.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d7fcd4a163053332fd93f39b81c133e96a98567660981654579c90a99062fbf5" +checksum = "c6543f5eec854fbf74ba5ef651fbdc9408919b47c3e1526623687135c16d12e9" dependencies = [ "crypto-bigint", - "ff", + "crypto-common", "rand_core", + "rustcrypto-ff", "subtle", "zeroize", ] [[package]] name = "primeorder" -version = "0.14.0-pre.9" +version = "0.14.0-rc.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1c36e8766fcd270fa9c665b9dc364f570695f5a59240949441b077a397f15b74" +checksum = "569d9ad6ef822bb0322c7e7d84e5e286244050bd5246cac4c013535ae91c2c90" dependencies = [ "elliptic-curve", ] @@ -676,38 +777,26 @@ dependencies = [ [[package]] name = "r-efi" -version = "5.2.0" +version = "6.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "74765f6d916ee2faa39bc8e68e4f3ed8949b48cccdac59983d287a7cb71ce9c5" +checksum = "f8dcc9c7d52a811697d2151c701e0d08956f92b0e24136cf4cf27b57a6a0d9bf" [[package]] name = "rand" -version = "0.9.1" +version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9fbfd9d094a40bf3ae768db9361049ace4c0e04a4fd6b359518bd7b73a73dd97" +checksum = "bc266eb313df6c5c09c1c7b1fbe2510961e5bcd3add930c1e31f7ed9da0feff8" dependencies = [ - "rand_chacha", - "rand_core", -] - -[[package]] -name = "rand_chacha" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb" -dependencies = [ - "ppv-lite86", + "chacha20", + "getrandom 0.4.2", "rand_core", ] [[package]] name = "rand_core" -version = "0.9.3" +version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "99d9a13982dcf210057a8a78572b2217b667c3beacbf3a0d8b454f6f82837d38" -dependencies = [ - "getrandom 0.3.3", -] +checksum = "0c8d0fd677905edcbeedbf2edb6494d676f0e98d54d5cf9bda0b061cb8fb8aba" [[package]] name = "regex" @@ -740,9 +829,9 @@ checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f" [[package]] name = "rfc6979" -version = "0.5.0-rc.1" +version = "0.5.0-rc.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d369f9c4f79388704648e7bcb92749c0d6cf4397039293a9b747694fa4fb4bae" +checksum = "23a3127ee32baec36af75b4107082d9bd823501ec14a4e016be4b6b37faa74ae" dependencies = [ "hmac", "subtle", @@ -750,9 +839,9 @@ dependencies = [ [[package]] name = "rsa" -version = "0.10.0-rc.8" +version = "0.10.0-rc.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fd8c26d4f6d0d2689c1cc822ac369edb64b4a090bc53141ae563bfa19c797300" +checksum = "87ed3e93fc7e473e464b9726f4759659e72bc8665e4b8ea227547024f416d905" dependencies = [ "const-oid", "crypto-bigint", @@ -764,7 +853,6 @@ dependencies = [ "sha2", "signature", "spki", - "subtle", "zeroize", ] @@ -778,24 +866,37 @@ dependencies = [ ] [[package]] -name = "sec1" -version = "0.8.0-rc.10" +name = "rustcrypto-ff" +version = "0.14.0-rc.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1dff52f6118bc9f0ac974a54a639d499ac26a6cad7a6e39bc0990c19625e793b" +checksum = "fd2a8adb347447693cd2ba0d218c4b66c62da9b0a5672b17b981e4291ec65ff6" dependencies = [ - "base16ct 0.3.0", - "der", - "hybrid-array", + "rand_core", "subtle", - "zeroize", ] [[package]] -name = "secrecy" -version = "0.8.0" +name = "rustcrypto-group" +version = "0.14.0-rc.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9bd1c54ea06cfd2f6b63219704de0b9b4f72dcc2b8fdef820be6cd799780e91e" +checksum = "369f9b61aa45933c062c9f6b5c3c50ab710687eca83dd3802653b140b43f85ed" dependencies = [ + "rand_core", + "rustcrypto-ff", + "subtle", +] + +[[package]] +name = "sec1" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d56d437c2f19203ce5f7122e507831de96f3d2d4d3be5af44a0b0a09d8a80e4d" +dependencies = [ + "base16ct 1.0.0", + "ctutils", + "der", + "hybrid-array", + "subtle", "zeroize", ] @@ -807,24 +908,46 @@ checksum = "d767eb0aabc880b29956c35734170f26ed551a859dbd361d140cdbeca61ab1e2" [[package]] name = "serde" -version = "1.0.193" +version = "1.0.228" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25dd9975e68d0cb5aa1120c288333fc98731bd1dd12f561e468ea4728c042b89" +checksum = "9a8e94ea7f378bd32cbbd37198a4a91436180c5bb472411e48b5ec2e2124ae9e" +dependencies = [ + "serde_core", +] + +[[package]] +name = "serde_core" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41d385c7d4ca58e59fc732af25c3983b67ac852c1a25000afe1175de458b67ad" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.193" +version = "1.0.228" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "43576ca501357b9b071ac53cdc7da8ef0cbd9493d8df094cd821777ea6e894d3" +checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79" dependencies = [ "proc-macro2", "quote", "syn", ] +[[package]] +name = "serde_json" +version = "1.0.149" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "83fc039473c5595ace860d8c4fafa220ff474b3fc6bfdb4293327f1a37e94d86" +dependencies = [ + "itoa", + "memchr", + "serde", + "serde_core", + "zmij", +] + [[package]] name = "serdect" version = "0.4.1" @@ -837,31 +960,31 @@ dependencies = [ [[package]] name = "sha1" -version = "0.11.0-rc.2" +version = "0.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c5e046edf639aa2e7afb285589e5405de2ef7e61d4b0ac1e30256e3eab911af9" +checksum = "aacc4cc499359472b4abe1bf11d0b12e688af9a805fa5e3016f9a386dc2d0214" dependencies = [ "cfg-if", - "cpufeatures", + "cpufeatures 0.3.0", "digest", ] [[package]] name = "sha2" -version = "0.11.0-rc.2" +version = "0.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d1e3878ab0f98e35b2df35fe53201d088299b41a6bb63e3e34dada2ac4abd924" +checksum = "446ba717509524cb3f22f17ecc096f10f4822d76ab5c0b9822c5f9c284e825f4" dependencies = [ "cfg-if", - "cpufeatures", + "cpufeatures 0.3.0", "digest", ] [[package]] name = "signature" -version = "3.0.0-rc.4" +version = "3.0.0-rc.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fc280a6ff65c79fbd6622f64d7127f32b85563bca8c53cd2e9141d6744a9056d" +checksum = "7f1880df446116126965eeec169136b2e0251dba37c6223bcc819569550edea3" dependencies = [ "digest", "rand_core", @@ -891,9 +1014,9 @@ checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" [[package]] name = "syn" -version = "2.0.101" +version = "2.0.117" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8ce2b7fc941b3a24138a0a7cf8e858bfc6a992e7978a068a5c760deb0ed43caf" +checksum = "e665b8803e7b1d2a727f4023456bbbbe74da67099c585258af0ad9c5013b9b99" dependencies = [ "proc-macro2", "quote", @@ -942,6 +1065,12 @@ version = "1.0.12" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" +[[package]] +name = "unicode-xid" +version = "0.2.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ebc1c04c71510c7f702b52b7c350734c9ff1295c464a03335b00bb84fc54f853" + [[package]] name = "utf8parse" version = "0.2.1" @@ -964,12 +1093,55 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] -name = "wasi" -version = "0.14.2+wasi-0.2.4" +name = "wasip2" +version = "1.0.2+wasi-0.2.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9683f9a5a998d873c0d21fcbe3c083009670149a8fab228644b8bd36b2c48cb3" +checksum = "9517f9239f02c069db75e65f174b3da828fe5f5b945c4dd26bd25d89c03ebcf5" dependencies = [ - "wit-bindgen-rt", + "wit-bindgen", +] + +[[package]] +name = "wasip3" +version = "0.4.0+wasi-0.3.0-rc-2026-01-06" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5428f8bf88ea5ddc08faddef2ac4a67e390b88186c703ce6dbd955e1c145aca5" +dependencies = [ + "wit-bindgen", +] + +[[package]] +name = "wasm-encoder" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "990065f2fe63003fe337b932cfb5e3b80e0b4d0f5ff650e6985b1048f62c8319" +dependencies = [ + "leb128fmt", + "wasmparser", +] + +[[package]] +name = "wasm-metadata" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bb0e353e6a2fbdc176932bbaab493762eb1255a7900fe0fea1a2f96c296cc909" +dependencies = [ + "anyhow", + "indexmap", + "wasm-encoder", + "wasmparser", +] + +[[package]] +name = "wasmparser" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "47b807c72e1bac69382b3a6fb3dbe8ea4c0ed87ff5629b8685ae6b9a611028fe" +dependencies = [ + "bitflags 2.5.0", + "hashbrown 0.15.5", + "indexmap", + "semver", ] [[package]] @@ -1143,31 +1315,109 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" [[package]] -name = "wit-bindgen-rt" -version = "0.39.0" +name = "wit-bindgen" +version = "0.51.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6f42320e61fe2cfd34354ecb597f86f413484a798ba44a8ca1165c58d42da6c1" +checksum = "d7249219f66ced02969388cf2bb044a09756a083d0fab1e566056b04d9fbcaa5" dependencies = [ + "wit-bindgen-rust-macro", +] + +[[package]] +name = "wit-bindgen-core" +version = "0.51.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ea61de684c3ea68cb082b7a88508a8b27fcc8b797d738bfc99a82facf1d752dc" +dependencies = [ + "anyhow", + "heck", + "wit-parser", +] + +[[package]] +name = "wit-bindgen-rust" +version = "0.51.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b7c566e0f4b284dd6561c786d9cb0142da491f46a9fbed79ea69cdad5db17f21" +dependencies = [ + "anyhow", + "heck", + "indexmap", + "prettyplease", + "syn", + "wasm-metadata", + "wit-bindgen-core", + "wit-component", +] + +[[package]] +name = "wit-bindgen-rust-macro" +version = "0.51.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0c0f9bfd77e6a48eccf51359e3ae77140a7f50b1e2ebfe62422d8afdaffab17a" +dependencies = [ + "anyhow", + "prettyplease", + "proc-macro2", + "quote", + "syn", + "wit-bindgen-core", + "wit-bindgen-rust", +] + +[[package]] +name = "wit-component" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9d66ea20e9553b30172b5e831994e35fbde2d165325bec84fc43dbf6f4eb9cb2" +dependencies = [ + "anyhow", "bitflags 2.5.0", + "indexmap", + "log", + "serde", + "serde_derive", + "serde_json", + "wasm-encoder", + "wasm-metadata", + "wasmparser", + "wit-parser", +] + +[[package]] +name = "wit-parser" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ecc8ac4bc1dc3381b7f59c34f00b67e18f910c2c0f50015669dde7def656a736" +dependencies = [ + "anyhow", + "id-arena", + "indexmap", + "log", + "semver", + "serde", + "serde_derive", + "serde_json", + "unicode-xid", + "wasmparser", ] [[package]] name = "x25519-dalek" -version = "3.0.0-pre.1" +version = "3.0.0-pre.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3a45998121837fd8c92655d2334aa8f3e5ef0645cdfda5b321b13760c548fd55" +checksum = "b3d5d6ff67acd3945b933e592bfa7143db4fcbb2f871754b6b9fbd7847fc5aea" dependencies = [ "curve25519-dalek", "rand_core", - "serde", "zeroize", ] [[package]] name = "x509-cert" -version = "0.3.0-rc.2" +version = "0.3.0-rc.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "214929cc983d42a67db8bfacea8595625bc252e9d88457aab2770cea58371145" +checksum = "1e21aad3a769f25f3d2d0cbf30ea8b50a1d602354bd6ab687fad112821608ba6" dependencies = [ "const-oid", "der", @@ -1179,7 +1429,7 @@ dependencies = [ [[package]] name = "yubikey" -version = "0.8.0" +version = "0.9.0-pre" dependencies = [ "aes", "base16ct 0.2.0", @@ -1202,7 +1452,6 @@ dependencies = [ "rand", "rand_core", "rsa", - "secrecy", "sha1", "sha2", "signature", @@ -1215,7 +1464,7 @@ dependencies = [ [[package]] name = "yubikey-cli" -version = "0.8.0-pre" +version = "0.9.0-pre" dependencies = [ "base16ct 0.2.0", "clap", @@ -1228,26 +1477,6 @@ dependencies = [ "yubikey", ] -[[package]] -name = "zerocopy" -version = "0.8.25" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a1702d9583232ddb9174e01bb7c15a2ab8fb1bc6f227aa1233858c351a3ba0cb" -dependencies = [ - "zerocopy-derive", -] - -[[package]] -name = "zerocopy-derive" -version = "0.8.25" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "28a6e20d751156648aa063f3800b706ee209a32c0b4d9f24be3d980b01be55ef" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - [[package]] name = "zeroize" version = "1.8.1" @@ -1267,3 +1496,9 @@ dependencies = [ "quote", "syn", ] + +[[package]] +name = "zmij" +version = "1.0.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b8848ee67ecc8aedbaf3e4122217aff892639231befc6a1b58d29fff4c2cabaa" diff --git a/Cargo.toml b/Cargo.toml index 0112ebd..41bc080 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "yubikey" -version = "0.8.0" +version = "0.9.0-pre" description = """ Pure Rust cross-platform host-side driver for YubiKey devices from Yubico with support for hardware-backed public-key decryption and digital signatures using @@ -20,36 +20,35 @@ rust-version = "1.85" members = [".", "cli"] [workspace.dependencies] -sha2 = "0.11.0-rc.2" -x509-cert = { version = "0.3.0-rc.2", features = ["builder", "hazmat"] } +sha2 = "0.11" +x509-cert = { version = "0.3.0-rc.4", features = ["builder", "hazmat"] } [dependencies] -aes = { version = "0.9.0-rc.1", features = ["zeroize"] } +aes = { version = "0.9.0-rc.4", features = ["zeroize"] } bitflags = "2.5.0" -cipher = { version = "0.5.0-rc.1", features = ["rand_core"] } -der = "0.8.0-rc.9" -des = "0.9.0-rc.1" -elliptic-curve = "0.14.0-rc.13" +cipher = { version = "0.5", features = ["getrandom", "rand_core"] } +curve25519-dalek = "5.0.0-pre.6" +der = "0.8" +des = "0.9.0-rc.3" +ecdsa = { version = "0.17.0-rc.16", features = ["digest", "pem"] } +ed25519-dalek = { version = "3.0.0-pre.6", features = ["alloc", "pkcs8"] } +elliptic-curve = "0.14.0-rc.29" hex = { package = "base16ct", version = "0.2", features = ["alloc"] } log = "0.4" nom = "8" -ecdsa = { version = "0.17.0-rc.6", features = ["digest", "pem"] } -p256 = "=0.14.0-pre.11" -p384 = "=0.14.0-pre.11" -pbkdf2 = { version = "0.13.0-rc.1", default-features = false, features = ["hmac"] } -curve25519-dalek = "5.0.0-pre.0" -x25519-dalek = "3.0.0-pre.0" -ed25519-dalek = { version = "3.0.0-pre.0", features = ["alloc", "pkcs8"] } +p256 = "0.14.0-rc.8" +p384 = "0.14.0-rc.8" +pbkdf2 = { version = "0.13.0-rc.10", default-features = false, features = ["hmac"] } pcsc = "2.3.1" -rand = "0.9" -rand_core = { version = "0.9", features = ["os_rng"] } -rsa = { version = "0.10.0-rc.8", features = ["sha2"] } -secrecy = "0.8" -sha1 = { version = "0.11.0-rc.2", features = ["oid"] } +rand = "0.10" +rand_core = "0.10" +rsa = { version = "0.10.0-rc.17", features = ["sha2"] } +sha1 = { version = "0.11", features = ["oid"] } sha2 = { workspace = true, features = ["oid"] } -signature = "3.0.0-rc.4" +signature = "3.0.0-rc.10" subtle = "2" uuid = { version = "1.2", features = ["v4"] } +x25519-dalek = "3.0.0-pre.6" x509-cert.workspace = true zeroize = "1" diff --git a/README.md b/README.md index 35e0278..33f1482 100644 --- a/README.md +++ b/README.md @@ -54,13 +54,14 @@ See [Yubico's guide to PIV-enabled YubiKeys][yk-guide] for more information on which devices support PIV and the available functionality. ### Supported Algorithms + - **Authentication**: `3DES` - **Encryption**: - - RSA: `RSA1024`, `RSA2048`, `RSA3072`, `RSA4096` - - ECC: `ECCP256`, `ECCP384` (NIST curves: P-256, P-384) + - RSA: `RSA1024`, `RSA2048`, `RSA3072`, `RSA4096` + - ECC: `ECCP256`, `ECCP384` (NIST curves: P-256, P-384) - **Signatures**: - - RSASSA-PKCS#1v1.5: `RSA1024`, `RSA2048`, `RSA3072`, `RSA4096` - - ECDSA: `ECCP256`, `ECCP384` (NIST curves: P-256, P-384) + - RSASSA-PKCS#1v1.5: `RSA1024`, `RSA2048`, `RSA3072`, `RSA4096` + - ECDSA: `ECCP256`, `ECCP384` (NIST curves: P-256, P-384) NOTE: @@ -76,8 +77,7 @@ Rust **1.60** or newer. - [YubiKey 4] series - [YubiKey 5] series -NOTE: Nano and USB-C variants of the above are also supported. - Pre-YK4 [YubiKey NEO] series is **NOT** supported (see [#18]). +NOTE: Nano and USB-C variants of the above are also supported. NEO series is NOT supported. ## Supported Operating Systems @@ -105,8 +105,8 @@ We would appreciate any help testing this functionality and removing the ## Testing -To run the full test suite, you'll need a connected YubiKey NEO/4/5 device in -the default state (i.e. default PIN/PUK). +To run the full test suite, you'll need a supported YubiKey device connected +which is in the default state (i.e. default PIN/PUK). Tests which run live against a YubiKey device are marked as `#[ignore]` by default in order to pass when running in a CI environment. To run these @@ -217,7 +217,7 @@ or conditions. [docs-link]: https://docs.rs/yubikey/ [license-image]: https://img.shields.io/badge/license-BSD-blue.svg [license-link]: https://github.com/iqlusioninc/yubikey.rs/blob/main/COPYING -[msrv-image]: https://img.shields.io/badge/rustc-1.81+-blue.svg +[msrv-image]: https://img.shields.io/badge/rustc-1.85+-blue.svg [safety-image]: https://img.shields.io/badge/unsafe-forbidden-success.svg [safety-link]: https://github.com/rust-secure-code/safety-dance/ [build-image]: https://github.com/iqlusioninc/yubikey.rs/actions/workflows/ci.yml/badge.svg @@ -234,7 +234,6 @@ or conditions. [PC/SC]: https://en.wikipedia.org/wiki/PC/SC [`pcsc` crate]: https://github.com/bluetech/pcsc-rust [yk-guide]: https://developers.yubico.com/PIV/Introduction/YubiKey_and_PIV.html -[YubiKey NEO]: https://support.yubico.com/support/solutions/articles/15000006494-yubikey-neo [YubiKey 4]: https://support.yubico.com/support/solutions/articles/15000006486-yubikey-4 [YubiKey 5]: https://www.yubico.com/products/yubikey-5-overview/ [yubico-piv-tool]: https://github.com/Yubico/yubico-piv-tool/ diff --git a/cli/Cargo.toml b/cli/Cargo.toml index 317a758..6677907 100644 --- a/cli/Cargo.toml +++ b/cli/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "yubikey-cli" -version = "0.8.0-pre" +version = "0.9.0-pre" description = """ Command-line interface for performing encryption and signing using RSA/ECC keys stored on YubiKey devices. @@ -12,7 +12,7 @@ readme = "README.md" categories = ["command-line-utilities", "cryptography", "hardware-support"] keywords = ["ecdsa", "rsa", "piv", "pcsc", "yubikey"] edition = "2021" -rust-version = "1.81" +rust-version = "1.85" [dependencies] clap = { version = "4", features = ["derive"] } @@ -23,4 +23,4 @@ once_cell = "1" sha2.workspace = true termcolor = "1" x509-cert.workspace = true -yubikey = { version = "0.8", path = ".." } +yubikey = { version = "=0.9.0-pre", path = ".." } diff --git a/cli/README.md b/cli/README.md index 7e1a14f..e4ccf35 100644 --- a/cli/README.md +++ b/cli/README.md @@ -25,8 +25,7 @@ Rust **1.60** or newer. - [YubiKey 4] series - [YubiKey 5] series -NOTE: Nano and USB-C variants of the above are also supported. - Pre-YK4 [YubiKey NEO] series is **NOT** supported (see [#18]). +NOTE: Nano and USB-C variants of the above are also supported. NEO series is NOT supported. ## Security Warning @@ -84,7 +83,7 @@ or conditions. [docs-image]: https://docs.rs/yubikey-cli/badge.svg [docs-link]: https://docs.rs/yubikey-cli/ [license-image]: https://img.shields.io/badge/license-BSD-blue.svg -[rustc-image]: https://img.shields.io/badge/rustc-1.60+-blue.svg +[rustc-image]: https://img.shields.io/badge/rustc-1.85+-blue.svg [maintenance-image]: https://img.shields.io/badge/maintenance-experimental-blue.svg [safety-image]: https://img.shields.io/badge/unsafe-forbidden-success.svg [safety-link]: https://github.com/rust-secure-code/safety-dance/ @@ -98,7 +97,6 @@ or conditions. [PIV]: https://piv.idmanagement.gov/ [yk-guide]: https://developers.yubico.com/PIV/Introduction/YubiKey_and_PIV.html [Yubico]: https://www.yubico.com/ -[YubiKey NEO]: https://support.yubico.com/support/solutions/articles/15000006494-yubikey-neo [YubiKey 4]: https://support.yubico.com/support/solutions/articles/15000006486-yubikey-4 [YubiKey 5]: https://www.yubico.com/products/yubikey-5-overview/ [yubico-piv-tool]: https://github.com/Yubico/yubico-piv-tool/ diff --git a/src/cccid.rs b/src/cccid.rs index 10dabf1..e25f520 100644 --- a/src/cccid.rs +++ b/src/cccid.rs @@ -31,7 +31,8 @@ // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. use crate::{Result, YubiKey}; -use rand_core::{OsRng, RngCore, TryRngCore}; +use cipher::common::Generate; +use rand_core::CryptoRng; use std::fmt::{self, Debug, Display}; /// CCCID offset @@ -66,15 +67,12 @@ impl CardId { /// Generate a random CCC Card ID pub fn generate() -> Self { - let mut rng = OsRng.unwrap_err(); - Self::generate_from_rng(&mut rng) + Self(Generate::generate()) } - /// Generate a random CCC Card ID from an [`RngCore`] - pub fn generate_from_rng(rng: &mut R) -> Self { - let mut id = [0u8; Self::BYTE_SIZE]; - rng.fill_bytes(&mut id); - Self(id) + /// Generate a random CCC Card ID from an [`Rng`] + pub fn generate_from_rng(rng: &mut R) -> Self { + Self(Generate::generate_from_rng(rng)) } } diff --git a/src/mgm.rs b/src/mgm.rs index 584e7e3..b24f3cd 100644 --- a/src/mgm.rs +++ b/src/mgm.rs @@ -39,7 +39,8 @@ use crate::{ }; use bitflags::bitflags; use cipher::{ - typenum::Unsigned, BlockCipherDecrypt, BlockCipherEncrypt, Key, KeyInit, KeySizeUser, + common::Generate, typenum::Unsigned, BlockCipherDecrypt, BlockCipherEncrypt, Key, KeyInit, + KeySizeUser, }; use log::error; use rand::TryCryptoRng; @@ -202,16 +203,16 @@ impl MgmKey { pub fn generate(alg: MgmAlgorithmId, rng: &mut impl TryCryptoRng) -> Result { match alg { MgmAlgorithmId::ThreeDes => { - des::TdesEde3::try_generate_key_with_rng(rng).map(MgmKeyKind::Tdes) + Key::::try_generate_from_rng(rng).map(MgmKeyKind::Tdes) } MgmAlgorithmId::Aes128 => { - aes::Aes128::try_generate_key_with_rng(rng).map(MgmKeyKind::Aes128) + Key::::try_generate_from_rng(rng).map(MgmKeyKind::Aes128) } MgmAlgorithmId::Aes192 => { - aes::Aes192::try_generate_key_with_rng(rng).map(MgmKeyKind::Aes192) + Key::::try_generate_from_rng(rng).map(MgmKeyKind::Aes192) } MgmAlgorithmId::Aes256 => { - aes::Aes256::try_generate_key_with_rng(rng).map(MgmKeyKind::Aes256) + Key::::try_generate_from_rng(rng).map(MgmKeyKind::Aes256) } } .map_err(|e| { @@ -295,7 +296,6 @@ impl MgmKey { let mut mgm = Key::::default(); pbkdf2_hmac::(pin, salt, ITER_MGM_PBKDF2, &mut mgm); - des::TdesEde3::weak_key_test(&mgm).map_err(|_| Error::KeyError)?; Ok(Self(MgmKeyKind::Tdes(mgm))) } @@ -480,7 +480,6 @@ impl MgmKey { MgmAlgorithmId::ThreeDes => { let key = Key::::try_from(bytes.as_ref()).map_err(|_| Error::SizeError)?; - des::TdesEde3::weak_key_test(&key).map_err(|_| Error::KeyError)?; Ok(MgmKeyKind::Tdes(key)) } MgmAlgorithmId::Aes128 => Key::::try_from(bytes.as_ref()) diff --git a/src/piv.rs b/src/piv.rs index a1268a7..34f6aea 100644 --- a/src/piv.rs +++ b/src/piv.rs @@ -53,7 +53,7 @@ use crate::{ yubikey::YubiKey, Buffer, ObjectId, }; -use elliptic_curve::{sec1::EncodedPoint as EcPublicKey, PublicKey}; +use elliptic_curve::{sec1::Sec1Point as EcPublicKey, PublicKey}; use log::{debug, error, warn}; use p256::NistP256; use p384::NistP384; diff --git a/src/setting.rs b/src/setting.rs index 4ba31b6..e6b7f3a 100644 --- a/src/setting.rs +++ b/src/setting.rs @@ -41,7 +41,7 @@ use std::{ }; /// Source of how a setting was configured. -#[derive(Clone, Copy, Debug, Eq, PartialEq)] +#[derive(Clone, Copy, Debug, Default, Eq, PartialEq)] pub enum SettingSource { /// User-specified setting: sourced via `YUBIKEY_PIV_*` environment vars. User, @@ -51,15 +51,10 @@ pub enum SettingSource { Admin, /// Default setting. + #[default] Default, } -impl Default for SettingSource { - fn default() -> Self { - Self::Default - } -} - /// Setting booleans: configuration values sourced from a file or the environment. /// /// These can be configured globally in `/etc/yubico/yubikeypiv.conf` by a diff --git a/src/yubikey.rs b/src/yubikey.rs index ba42096..e6e328d 100644 --- a/src/yubikey.rs +++ b/src/yubikey.rs @@ -41,9 +41,10 @@ use crate::{ reader::{Context, Reader}, transaction::Transaction, }; +use cipher::common::getrandom::SysRng; use log::{error, info}; use pcsc::Card; -use rand_core::{OsRng, RngCore, TryRngCore}; +use rand_core::TryRng; use std::{ cmp::{Ord, Ordering}, fmt::{self, Display}, @@ -60,7 +61,6 @@ use { transaction::ChangeRefAction, Buffer, ObjectId, }, - secrecy::ExposeSecret, std::time::{SystemTime, UNIX_EPOCH}, }; @@ -77,7 +77,8 @@ pub(crate) const KEY_CARDMGM: u8 = 0x9b; const TAG_DYN_AUTH: u8 = 0x7c; /// Cached YubiKey PIN. -pub type CachedPin = secrecy::SecretVec; +// TODO(tarcieri): add a newtype for this with a zeroize impl +pub type CachedPin = Vec; /// YubiKey serial number. #[derive(Copy, Clone, Debug, Eq, PartialEq, Hash, PartialOrd, Ord)] @@ -320,10 +321,7 @@ impl YubiKey { pcsc::Disposition::ResetCard, )?; - let pin = self - .pin - .as_ref() - .map(|p| Buffer::new(p.expose_secret().clone())); + let pin = self.pin.as_ref().map(|p| Buffer::new(p.clone())); let txn = Transaction::new(&mut self.card)?; txn.select_piv_application()?; @@ -443,8 +441,9 @@ impl YubiKey { data.push(challenge_len as u8); let mut host_challenge = vec![0u8; challenge_len]; - let mut rng = OsRng.unwrap_err(); - rng.fill_bytes(&mut host_challenge); + SysRng + .try_fill_bytes(&mut host_challenge) + .map_err(|_| Error::GenericError)?; data.extend_from_slice(&host_challenge); @@ -501,7 +500,7 @@ impl YubiKey { } if !pin.is_empty() { - self.pin = Some(CachedPin::new(pin.into())) + self.pin = Some(pin.into()) } Ok(()) @@ -557,7 +556,7 @@ impl YubiKey { } if !new_pin.is_empty() { - self.pin = Some(CachedPin::new(new_pin.into())); + self.pin = Some(new_pin.into()); } Ok(()) diff --git a/tests/integration.rs b/tests/integration.rs index 5eae3cb..efe0a6c 100644 --- a/tests/integration.rs +++ b/tests/integration.rs @@ -3,9 +3,9 @@ #![forbid(unsafe_code)] #![warn(missing_docs, rust_2018_idioms, trivial_casts, unused_qualifications)] +use cipher::common::{getrandom::SysRng, Generate}; use log::trace; use once_cell::sync::Lazy; -use rand_core::{OsRng, RngCore, TryRngCore}; use rsa::{pkcs1v15, RsaPublicKey}; use sha2::{Digest, Sha256}; use signature::hazmat::PrehashVerifier; @@ -129,7 +129,7 @@ fn test_verify_pin() { #[test] #[ignore] fn test_set_mgmkey() { - let mut rng = OsRng; + let mut rng = SysRng; let mut yubikey = match YUBIKEY.lock() { Ok(yubikey) => yubikey, Err(poison) => poison.into_inner(), @@ -190,9 +190,7 @@ fn generate_self_signed_cert() -> Certificate { // 0x80 0x00 ... (20bytes) is invalid because of high MSB (serial will keep the sign) // we'll limit ourselves to 19 bytes serial. - let mut serial = [0u8; 19]; - let mut rng = OsRng.unwrap_err(); - rng.fill_bytes(&mut serial); + let serial = <[u8; 19]>::generate(); let serial = SerialNumber::new(&serial[..]).expect("serial can't be more than 20 bytes long"); let validity = Validity::from_now(Duration::new(500000, 0)).unwrap();