From ccf19a36681f6a24ffcd48f9a2e3a4ea9b6149ec Mon Sep 17 00:00:00 2001 From: "Tony Arcieri (iqlusion)" Date: Mon, 14 Nov 2022 12:08:05 -0700 Subject: [PATCH] Bump `rsa` to v0.7.1 (#440) --- Cargo.lock | 101 ++++++++++--------------------------------- Cargo.toml | 8 ++-- tests/integration.rs | 18 +++----- 3 files changed, 34 insertions(+), 93 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index f44b24e..637b694 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -205,12 +205,6 @@ dependencies = [ "unicode-width", ] -[[package]] -name = "const-oid" -version = "0.7.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e4c78c047431fee22c1a7bb92e00ad095a02a983affe4d8a72e2a2c62c1b94f3" - [[package]] name = "const-oid" version = "0.9.0" @@ -238,16 +232,6 @@ dependencies = [ "libc", ] -[[package]] -name = "crypto-bigint" -version = "0.3.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "03c6a1d5fa1de37e071642dfa44ec552ca5b299adb128fab16138e24b548fd21" -dependencies = [ - "generic-array", - "subtle", -] - [[package]] name = "crypto-bigint" version = "0.4.9" @@ -320,25 +304,14 @@ version = "2.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3ee2393c4a91429dffb4bedf19f4d6abf27d8a732c8ce4980305d782e5426d57" -[[package]] -name = "der" -version = "0.5.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6919815d73839e7ad218de758883aae3a257ba6759ce7a9992501efbb53d705c" -dependencies = [ - "const-oid 0.7.1", - "crypto-bigint 0.3.2", - "pem-rfc7468 0.3.1", -] - [[package]] name = "der" version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "13dd2ae565c0a381dde7fade45fce95984c568bdcb4700a4fdbe3175e0380b2f" dependencies = [ - "const-oid 0.9.0", - "pem-rfc7468 0.6.0", + "const-oid", + "pem-rfc7468", "zeroize", ] @@ -396,6 +369,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "adfbc57365a37acbd2ebf2b64d7e69bb766e2fea813521ed536f5d0520dcf86c" dependencies = [ "block-buffer", + "const-oid", "crypto-common", "subtle", ] @@ -417,7 +391,7 @@ version = "0.14.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "413301934810f597c1d19ca71c8710e99a3f1ba28a0d2ebc01551a2daeea3c5c" dependencies = [ - "der 0.6.0", + "der", "elliptic-curve", "rfc6979", "signature", @@ -430,15 +404,15 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e7bb888ab5300a19b8e5bceef25ac745ad065f3c9f7efc6de1b91958110891d3" dependencies = [ "base16ct", - "crypto-bigint 0.4.9", - "der 0.6.0", + "crypto-bigint", + "der", "digest", "ff", "generic-array", "group", "hkdf", - "pem-rfc7468 0.6.0", - "pkcs8 0.9.0", + "pem-rfc7468", + "pkcs8", "rand_core", "sec1", "subtle", @@ -788,15 +762,6 @@ dependencies = [ "pkg-config", ] -[[package]] -name = "pem-rfc7468" -version = "0.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "01de5d978f34aa4b2296576379fcc416034702fd94117c56ffd8a1a767cefb30" -dependencies = [ - "base64ct", -] - [[package]] name = "pem-rfc7468" version = "0.6.0" @@ -808,23 +773,13 @@ dependencies = [ [[package]] name = "pkcs1" -version = "0.3.3" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a78f66c04ccc83dd4486fd46c33896f4e17b24a7a3a6400dedc48ed0ddd72320" +checksum = "eff33bdbdfc54cc98a2eca766ebdec3e1b8fb7387523d5c9c9a2891da856f719" dependencies = [ - "der 0.5.1", - "pkcs8 0.8.0", - "zeroize", -] - -[[package]] -name = "pkcs8" -version = "0.8.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7cabda3fb821068a9a4fab19a683eac3af12edf0f34b94a8be53c4972b8149d0" -dependencies = [ - "der 0.5.1", - "spki 0.5.4", + "der", + "pkcs8", + "spki", "zeroize", ] @@ -834,8 +789,8 @@ version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9eca2c590a5f85da82668fa685c09ce2888b9430e83299debf1f34b65fd4a4ba" dependencies = [ - "der 0.6.0", - "spki 0.6.0", + "der", + "spki", ] [[package]] @@ -945,16 +900,16 @@ version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7743f17af12fa0b03b803ba12cd6a8d9483a587e89c69445e3909655c0b9fabb" dependencies = [ - "crypto-bigint 0.4.9", + "crypto-bigint", "hmac", "zeroize", ] [[package]] name = "rsa" -version = "0.6.1" +version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4cf22754c49613d2b3b119f0e5d46e34a2c628a937e3024b8762de4e7d8c710b" +checksum = "b0ecc3307be66bfb3574577895555bacfb9a37a8d5cd959444b72ff02495c618" dependencies = [ "byteorder", "digest", @@ -963,8 +918,9 @@ dependencies = [ "num-iter", "num-traits", "pkcs1", - "pkcs8 0.8.0", + "pkcs8", "rand_core", + "signature", "smallvec", "subtle", "zeroize", @@ -992,9 +948,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3be24c1842290c45df0a7bf069e0c268a747ad05a192f2fd7dcfdbc1cba40928" dependencies = [ "base16ct", - "der 0.6.0", + "der", "generic-array", - "pkcs8 0.9.0", + "pkcs8", "subtle", "zeroize", ] @@ -1058,16 +1014,6 @@ version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" -[[package]] -name = "spki" -version = "0.5.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "44d01ac02a6ccf3e07db148d2be087da624fea0221a16152ed01f0496a6b0a27" -dependencies = [ - "base64ct", - "der 0.5.1", -] - [[package]] name = "spki" version = "0.6.0" @@ -1075,7 +1021,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "67cf02bbac7a337dc36e4f5a693db6c21e7863f45070f7064577eb4367a3212b" dependencies = [ "base64ct", - "der 0.6.0", + "der", ] [[package]] @@ -1396,6 +1342,7 @@ dependencies = [ "secrecy", "sha1", "sha2", + "signature", "subtle", "subtle-encoding", "uuid", diff --git a/Cargo.toml b/Cargo.toml index 689bcd6..c1b2f3f 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -36,10 +36,10 @@ p256 = "0.11" p384 = "0.11" pcsc = "2" rand_core = { version = "0.6", features = ["std"] } -rsa = "0.6" +rsa = "0.7" secrecy = "0.8" -sha1 = "0.10" -sha2 = "0.10" +sha1 = { version = "0.10", features = ["oid"] } +sha2 = { version = "0.10", features = ["oid"] } subtle = "2" subtle-encoding = "0.5" uuid = { version = "1.2", features = ["v4"] } @@ -50,6 +50,8 @@ zeroize = "1" [dev-dependencies] env_logger = "0.9" lazy_static = "1" +rsa = { version = "0.7.1", features = ["hazmat"] } +signature = { version = "1.6.4", features = ["hazmat-preview"] } [features] untested = [] diff --git a/tests/integration.rs b/tests/integration.rs index 51ccc8c..155e649 100644 --- a/tests/integration.rs +++ b/tests/integration.rs @@ -6,8 +6,9 @@ use lazy_static::lazy_static; use log::trace; use rand_core::{OsRng, RngCore}; -use rsa::{hash::Hash::SHA2_256, PaddingScheme, PublicKey}; +use rsa::pkcs1v15; use sha2::{Digest, Sha256}; +use signature::{hazmat::PrehashVerifier, Signature as _}; use std::{env, str::FromStr, sync::Mutex}; use x509::RelativeDistinguishedName; use yubikey::{ @@ -200,26 +201,17 @@ fn generate_self_signed_rsa_cert() { // let pubkey = match cert.subject_pki() { - PublicKeyInfo::Rsa { pubkey, .. } => pubkey, + PublicKeyInfo::Rsa { pubkey, .. } => pkcs1v15::VerifyingKey::::from(pubkey.clone()), _ => unreachable!(), }; let data = cert.as_ref(); let tbs_cert_len = u16::from_be_bytes(data[6..8].try_into().unwrap()) as usize; let msg = &data[4..8 + tbs_cert_len]; - let sig = &data[data.len() - 128..]; - + let sig = pkcs1v15::Signature::from_bytes(&data[data.len() - 128..]).unwrap(); let hash = Sha256::digest(msg); - assert!(pubkey - .verify( - PaddingScheme::PKCS1v15Sign { - hash: Some(SHA2_256) - }, - &hash, - sig - ) - .is_ok()); + assert!(pubkey.verify_prehash(&hash, &sig).is_ok()); } #[test]