bump dependencies to latest rc, bump MSRV to 1.85 (#612)
+1
-1
@@ -344,7 +344,7 @@ impl From<Vec<u8>> for Response {
|
||||
}
|
||||
|
||||
let sw = StatusWords::from(
|
||||
(bytes[bytes.len() - 2] as u16) << 8 | (bytes[bytes.len() - 1] as u16),
|
||||
((bytes[bytes.len() - 2] as u16) << 8) | (bytes[bytes.len() - 1] as u16),
|
||||
);
|
||||
|
||||
let len = bytes.len() - 2;
|
||||
|
||||
+8
-2
@@ -31,7 +31,7 @@
|
||||
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
use crate::{Result, YubiKey};
|
||||
use rand_core::{OsRng, RngCore};
|
||||
use rand_core::{OsRng, RngCore, TryRngCore};
|
||||
use std::fmt::{self, Debug, Display};
|
||||
|
||||
/// CCCID offset
|
||||
@@ -66,8 +66,14 @@ impl CardId {
|
||||
|
||||
/// Generate a random CCC Card ID
|
||||
pub fn generate() -> Self {
|
||||
let mut rng = OsRng.unwrap_err();
|
||||
Self::generate_from_rng(&mut rng)
|
||||
}
|
||||
|
||||
/// Generate a random CCC Card ID from an [`RngCore`]
|
||||
pub fn generate_from_rng<R: RngCore + ?Sized>(rng: &mut R) -> Self {
|
||||
let mut id = [0u8; Self::BYTE_SIZE];
|
||||
OsRng.fill_bytes(&mut id);
|
||||
rng.fill_bytes(&mut id);
|
||||
Self(id)
|
||||
}
|
||||
}
|
||||
|
||||
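Review bot: `CardId::generate` builds its RNG with `OsRng.unwrap_err()`, which panics when the operating-system RNG reports an error, and the doc comment does not say so. Failing closed is reasonable for random material, but it should be documented, e.g. a `/// # Panics` section reading `/// Panics if the operating system RNG fails.`. The same pattern is added in `MgmKey::generate` and in the `impl YubiKey` hunk at line 434; the enclosing function there is not visible, and if it returns `Result`, `OsRng.try_fill_bytes(&mut data[14..22])` with the error mapped would avoid a panic in the middle of an authentication exchange. `generate_from_rng` accepts any `RngCore`, so its doc comment should state that the caller is responsible for the quality of the RNG it passes in.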
+2
-2
@@ -135,7 +135,7 @@ impl Error {
|
||||
Error::AlgorithmError => f.write_str("algorithm error"),
|
||||
Error::AppletError => f.write_str("applet error"),
|
||||
Error::AppletNotFound { applet_name } => {
|
||||
f.write_str(&format!("{} applet not found", applet_name))
|
||||
f.write_str(&format!("{applet_name} applet not found"))
|
||||
}
|
||||
Error::ArgumentError => f.write_str("argument error"),
|
||||
Error::AuthenticationError => f.write_str("authentication error"),
|
||||
@@ -150,7 +150,7 @@ impl Error {
|
||||
|
||||
Error::PcscError {
|
||||
inner: Some(pcsc_error),
|
||||
} => f.write_fmt(format_args!("PC/SC error: {}", pcsc_error)),
|
||||
} => f.write_fmt(format_args!("PC/SC error: {pcsc_error}")),
|
||||
|
||||
Error::PcscError { .. } => f.write_str("PC/SC error"),
|
||||
|
||||
|
||||
+5
-3
@@ -157,8 +157,10 @@ impl<T: MetadataType> Metadata<T> {
|
||||
|
||||
// We did not find an existing tag, append
|
||||
assert_eq!(offset, self.inner.len());
|
||||
self.inner
|
||||
.extend(iter::repeat(0).take(1 + get_length_size(item.len()) + item.len()));
|
||||
self.inner.extend(iter::repeat_n(
|
||||
0,
|
||||
1 + get_length_size(item.len()) + item.len(),
|
||||
));
|
||||
Tlv::write(&mut self.inner[offset..], tag, item)?;
|
||||
|
||||
return Ok(());
|
||||
@@ -193,7 +195,7 @@ impl<T: MetadataType> Metadata<T> {
|
||||
// Move remaining data
|
||||
let orig_len = self.inner.len();
|
||||
if cb_moved > 0 {
|
||||
self.inner.extend(iter::repeat(0).take(cb_moved as usize));
|
||||
self.inner.extend(iter::repeat_n(0, cb_moved as usize));
|
||||
}
|
||||
self.inner.copy_within(
|
||||
next_offset..orig_len,
|
||||
|
||||
+3
-2
@@ -32,7 +32,7 @@
|
||||
|
||||
use crate::{Error, Result};
|
||||
use log::error;
|
||||
use rand_core::{OsRng, RngCore};
|
||||
use rand_core::{OsRng, RngCore, TryRngCore};
|
||||
use zeroize::Zeroize;
|
||||
|
||||
use des::{
|
||||
@@ -156,7 +156,8 @@ impl MgmKey {
|
||||
/// Generate a random MGM key
|
||||
pub fn generate() -> Self {
|
||||
let mut key_bytes = [0u8; DES_LEN_3DES];
|
||||
OsRng.fill_bytes(&mut key_bytes);
|
||||
let mut rng = OsRng.unwrap_err();
|
||||
rng.fill_bytes(&mut key_bytes);
|
||||
Self(key_bytes)
|
||||
}
|
||||
|
||||
|
||||
+46
-42
@@ -57,26 +57,22 @@ use elliptic_curve::{sec1::EncodedPoint as EcPublicKey, PublicKey};
|
||||
use log::{debug, error, warn};
|
||||
use p256::NistP256;
|
||||
use p384::NistP384;
|
||||
use rsa::{pkcs8::EncodePublicKey, BigUint, RsaPublicKey};
|
||||
use rsa::{pkcs8::EncodePublicKey, BoxedUint, RsaPublicKey};
|
||||
use std::{
|
||||
fmt::{Display, Formatter},
|
||||
str::FromStr,
|
||||
};
|
||||
use x509_cert::{der::Decode, spki::SubjectPublicKeyInfoOwned};
|
||||
|
||||
#[cfg(feature = "untested")]
|
||||
use {
|
||||
num_bigint_dig::traits::ModInverse,
|
||||
num_integer::Integer,
|
||||
num_traits::{FromPrimitive, One},
|
||||
};
|
||||
|
||||
#[cfg(feature = "untested")]
|
||||
use zeroize::Zeroizing;
|
||||
|
||||
#[cfg(feature = "untested")]
|
||||
use crate::consts::CB_OBJ_MAX;
|
||||
|
||||
#[cfg(feature = "untested")]
|
||||
use rsa::{traits::PrivateKeyParts, RsaPrivateKey};
|
||||
|
||||
/// PIV Applet Name
|
||||
pub(crate) const APPLET_NAME: &str = "PIV";
|
||||
|
||||
@@ -175,9 +171,9 @@ impl From<SlotId> for u8 {
|
||||
impl Display for SlotId {
|
||||
fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
|
||||
match self {
|
||||
SlotId::Management(r) => write!(f, "{:?}", r),
|
||||
SlotId::Retired(r) => write!(f, "{:?}", r),
|
||||
_ => write!(f, "{:?}", self),
|
||||
SlotId::Management(r) => write!(f, "{r:?}"),
|
||||
SlotId::Retired(r) => write!(f, "{r:?}"),
|
||||
_ => write!(f, "{self:?}"),
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -330,7 +326,7 @@ impl From<RetiredSlotId> for u8 {
|
||||
|
||||
impl Display for RetiredSlotId {
|
||||
fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
|
||||
write!(f, "{:?}", self)
|
||||
write!(f, "{self:?}")
|
||||
}
|
||||
}
|
||||
|
||||
@@ -413,7 +409,7 @@ impl From<ManagementSlotId> for u8 {
|
||||
|
||||
impl Display for ManagementSlotId {
|
||||
fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
|
||||
write!(f, "{:?}", self)
|
||||
write!(f, "{self:?}")
|
||||
}
|
||||
}
|
||||
|
||||
@@ -791,36 +787,44 @@ impl RsaKeyData {
|
||||
/// - `Ok(key_data)` if `secret_p` and `secret_q` are valid primes.
|
||||
/// - `Err(Error::AlgorithmError)` if `secret_p`/`secret_q` are invalid primes.
|
||||
pub fn new(secret_p: &[u8], secret_q: &[u8]) -> Result<Self> {
|
||||
let p = BigUint::from_bytes_be(secret_p);
|
||||
let q = BigUint::from_bytes_be(secret_q);
|
||||
let p = BoxedUint::from_be_slice_vartime(secret_p);
|
||||
let q = BoxedUint::from_be_slice_vartime(secret_q);
|
||||
let exp = BoxedUint::from(KEYDATA_RSA_EXP);
|
||||
|
||||
let totient = {
|
||||
let p_t = &p - BigUint::one();
|
||||
let q_t = &p - BigUint::one();
|
||||
|
||||
p_t.lcm(&q_t)
|
||||
};
|
||||
|
||||
let exp = BigUint::from_u64(KEYDATA_RSA_EXP).ok_or(Error::AlgorithmError)?;
|
||||
|
||||
let d = exp.mod_inverse(&totient).ok_or(Error::AlgorithmError)?;
|
||||
let d = d.to_biguint().ok_or(Error::AlgorithmError)?;
|
||||
|
||||
// We calculate the optimization values ahead of time, instead of making the user
|
||||
// do so.
|
||||
|
||||
let dp = &d % (&p - BigUint::one());
|
||||
let dq = &d % (&q - BigUint::one());
|
||||
|
||||
let qinv = q.clone().mod_inverse(&p).ok_or(Error::AlgorithmError)?;
|
||||
let (_, qinv) = qinv.to_bytes_be();
|
||||
let mut private_key = RsaPrivateKey::from_p_q(p.clone(), q.clone(), exp)
|
||||
.map_err(|_| Error::AlgorithmError)?;
|
||||
private_key
|
||||
.precompute()
|
||||
.map_err(|_| Error::AlgorithmError)?;
|
||||
|
||||
Ok(RsaKeyData {
|
||||
p: Zeroizing::new(p.to_bytes_be()),
|
||||
q: Zeroizing::new(q.to_bytes_be()),
|
||||
dp: Zeroizing::new(dp.to_bytes_be()),
|
||||
dq: Zeroizing::new(dq.to_bytes_be()),
|
||||
qinv: Zeroizing::new(qinv),
|
||||
p: Zeroizing::new(p.to_be_bytes().to_vec()),
|
||||
q: Zeroizing::new(q.to_be_bytes().to_vec()),
|
||||
dp: Zeroizing::new(
|
||||
private_key
|
||||
.dp()
|
||||
.expect("invariant violation: precompute should fill the field")
|
||||
.clone()
|
||||
.to_be_bytes()
|
||||
.to_vec(),
|
||||
),
|
||||
dq: Zeroizing::new(
|
||||
private_key
|
||||
.dq()
|
||||
.expect("invariant violation: precompute should fill the field")
|
||||
.clone()
|
||||
.to_be_bytes()
|
||||
.to_vec(),
|
||||
),
|
||||
qinv: Zeroizing::new(
|
||||
private_key
|
||||
.qinv()
|
||||
.expect("invariant violation: precompute should fill the field")
|
||||
.clone()
|
||||
.retrieve()
|
||||
.to_be_bytes()
|
||||
.to_vec(),
|
||||
),
|
||||
})
|
||||
}
|
||||
|
||||
@@ -1170,8 +1174,8 @@ fn read_public_key(
|
||||
let exp = exp_tlv.value.to_vec();
|
||||
|
||||
let pubkey = RsaPublicKey::new(
|
||||
BigUint::from_bytes_be(&modulus),
|
||||
BigUint::from_bytes_be(&exp),
|
||||
BoxedUint::from_be_slice_vartime(&modulus),
|
||||
BoxedUint::from_be_slice_vartime(&exp),
|
||||
)
|
||||
.map_err(|_| Error::InvalidObject)?;
|
||||
Ok(SubjectPublicKeyInfoOwned::from_der(
|
||||
|
||||
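Review bot: In `RsaKeyData::new`, each `to_be_bytes().to_vec()` copies the secret bytes into a new `Vec` and drops the buffer returned by `to_be_bytes()` without wiping it, so copies of `p`, `q`, `dp`, `dq` and `qinv` may remain on the heap outside `Zeroizing`. If `to_be_bytes()` returns a boxed slice, as the `.to_vec()` call suggests, `Zeroizing::new(p.to_be_bytes().into_vec())` reuses that allocation instead of copying it. The `.clone()` before `to_be_bytes()` on `dp()` and `dq()`, and before `retrieve()` on `qinv()`, also looks unnecessary and creates one more copy of each secret value. A short comment on `BoxedUint::from_be_slice_vartime(secret_p)` saying why a variable-time constructor is acceptable for the secret primes would help the next reader; presumably only the input length influences timing, which should be confirmed against the library documentation.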
+1
-1
@@ -122,7 +122,7 @@ impl Setting {
|
||||
|
||||
/// Get a setting boolean from an environment variable
|
||||
fn from_env(key: &str) -> Option<Self> {
|
||||
env::var(format!("YUBIKEY_PIV_{}", key))
|
||||
env::var(format!("YUBIKEY_PIV_{key}"))
|
||||
.ok()
|
||||
.map(|value| Setting {
|
||||
source: SettingSource::User,
|
||||
|
||||
+3
-2
@@ -43,7 +43,7 @@ use crate::{
|
||||
};
|
||||
use log::{error, info};
|
||||
use pcsc::Card;
|
||||
use rand_core::{OsRng, RngCore};
|
||||
use rand_core::{OsRng, RngCore, TryRngCore};
|
||||
use std::{
|
||||
cmp::{Ord, Ordering},
|
||||
fmt::{self, Display},
|
||||
@@ -434,7 +434,8 @@ impl YubiKey {
|
||||
data[4..12].copy_from_slice(&response);
|
||||
data[12] = 0x81;
|
||||
data[13] = 8;
|
||||
OsRng.fill_bytes(&mut data[14..22]);
|
||||
let mut rng = OsRng.unwrap_err();
|
||||
rng.fill_bytes(&mut data[14..22]);
|
||||
|
||||
let mut challenge = [0u8; 8];
|
||||
challenge.copy_from_slice(&data[14..22]);
|
||||
|
||||