bump dependencies to latest rc, bump MSRV to 1.85 (#612)

This commit is contained in:
Arthur Gautier
2025-07-21 14:49:31 -07:00
committed by GitHub
parent 0d8096f50d
commit f0dbf9425c
12 changed files with 284 additions and 269 deletions
+1 -1
View File
@@ -344,7 +344,7 @@ impl From<Vec<u8>> for Response {
}
let sw = StatusWords::from(
(bytes[bytes.len() - 2] as u16) << 8 | (bytes[bytes.len() - 1] as u16),
((bytes[bytes.len() - 2] as u16) << 8) | (bytes[bytes.len() - 1] as u16),
);
let len = bytes.len() - 2;
+8 -2
View File
@@ -31,7 +31,7 @@
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
use crate::{Result, YubiKey};
use rand_core::{OsRng, RngCore};
use rand_core::{OsRng, RngCore, TryRngCore};
use std::fmt::{self, Debug, Display};
/// CCCID offset
@@ -66,8 +66,14 @@ impl CardId {
/// Generate a random CCC Card ID
pub fn generate() -> Self {
let mut rng = OsRng.unwrap_err();
Self::generate_from_rng(&mut rng)
}
/// Generate a random CCC Card ID from an [`RngCore`]
pub fn generate_from_rng<R: RngCore + ?Sized>(rng: &mut R) -> Self {
let mut id = [0u8; Self::BYTE_SIZE];
OsRng.fill_bytes(&mut id);
rng.fill_bytes(&mut id);
Self(id)
}
}
+2 -2
View File
@@ -135,7 +135,7 @@ impl Error {
Error::AlgorithmError => f.write_str("algorithm error"),
Error::AppletError => f.write_str("applet error"),
Error::AppletNotFound { applet_name } => {
f.write_str(&format!("{} applet not found", applet_name))
f.write_str(&format!("{applet_name} applet not found"))
}
Error::ArgumentError => f.write_str("argument error"),
Error::AuthenticationError => f.write_str("authentication error"),
@@ -150,7 +150,7 @@ impl Error {
Error::PcscError {
inner: Some(pcsc_error),
} => f.write_fmt(format_args!("PC/SC error: {}", pcsc_error)),
} => f.write_fmt(format_args!("PC/SC error: {pcsc_error}")),
Error::PcscError { .. } => f.write_str("PC/SC error"),
+5 -3
View File
@@ -157,8 +157,10 @@ impl<T: MetadataType> Metadata<T> {
// We did not find an existing tag, append
assert_eq!(offset, self.inner.len());
self.inner
.extend(iter::repeat(0).take(1 + get_length_size(item.len()) + item.len()));
self.inner.extend(iter::repeat_n(
0,
1 + get_length_size(item.len()) + item.len(),
));
Tlv::write(&mut self.inner[offset..], tag, item)?;
return Ok(());
@@ -193,7 +195,7 @@ impl<T: MetadataType> Metadata<T> {
// Move remaining data
let orig_len = self.inner.len();
if cb_moved > 0 {
self.inner.extend(iter::repeat(0).take(cb_moved as usize));
self.inner.extend(iter::repeat_n(0, cb_moved as usize));
}
self.inner.copy_within(
next_offset..orig_len,
+3 -2
View File
@@ -32,7 +32,7 @@
use crate::{Error, Result};
use log::error;
use rand_core::{OsRng, RngCore};
use rand_core::{OsRng, RngCore, TryRngCore};
use zeroize::Zeroize;
use des::{
@@ -156,7 +156,8 @@ impl MgmKey {
/// Generate a random MGM key
pub fn generate() -> Self {
let mut key_bytes = [0u8; DES_LEN_3DES];
OsRng.fill_bytes(&mut key_bytes);
let mut rng = OsRng.unwrap_err();
rng.fill_bytes(&mut key_bytes);
Self(key_bytes)
}
+46 -42
View File
@@ -57,26 +57,22 @@ use elliptic_curve::{sec1::EncodedPoint as EcPublicKey, PublicKey};
use log::{debug, error, warn};
use p256::NistP256;
use p384::NistP384;
use rsa::{pkcs8::EncodePublicKey, BigUint, RsaPublicKey};
use rsa::{pkcs8::EncodePublicKey, BoxedUint, RsaPublicKey};
use std::{
fmt::{Display, Formatter},
str::FromStr,
};
use x509_cert::{der::Decode, spki::SubjectPublicKeyInfoOwned};
#[cfg(feature = "untested")]
use {
num_bigint_dig::traits::ModInverse,
num_integer::Integer,
num_traits::{FromPrimitive, One},
};
#[cfg(feature = "untested")]
use zeroize::Zeroizing;
#[cfg(feature = "untested")]
use crate::consts::CB_OBJ_MAX;
#[cfg(feature = "untested")]
use rsa::{traits::PrivateKeyParts, RsaPrivateKey};
/// PIV Applet Name
pub(crate) const APPLET_NAME: &str = "PIV";
@@ -175,9 +171,9 @@ impl From<SlotId> for u8 {
impl Display for SlotId {
fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
match self {
SlotId::Management(r) => write!(f, "{:?}", r),
SlotId::Retired(r) => write!(f, "{:?}", r),
_ => write!(f, "{:?}", self),
SlotId::Management(r) => write!(f, "{r:?}"),
SlotId::Retired(r) => write!(f, "{r:?}"),
_ => write!(f, "{self:?}"),
}
}
}
@@ -330,7 +326,7 @@ impl From<RetiredSlotId> for u8 {
impl Display for RetiredSlotId {
fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
write!(f, "{:?}", self)
write!(f, "{self:?}")
}
}
@@ -413,7 +409,7 @@ impl From<ManagementSlotId> for u8 {
impl Display for ManagementSlotId {
fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
write!(f, "{:?}", self)
write!(f, "{self:?}")
}
}
@@ -791,36 +787,44 @@ impl RsaKeyData {
/// - `Ok(key_data)` if `secret_p` and `secret_q` are valid primes.
/// - `Err(Error::AlgorithmError)` if `secret_p`/`secret_q` are invalid primes.
pub fn new(secret_p: &[u8], secret_q: &[u8]) -> Result<Self> {
let p = BigUint::from_bytes_be(secret_p);
let q = BigUint::from_bytes_be(secret_q);
let p = BoxedUint::from_be_slice_vartime(secret_p);
let q = BoxedUint::from_be_slice_vartime(secret_q);
let exp = BoxedUint::from(KEYDATA_RSA_EXP);
let totient = {
let p_t = &p - BigUint::one();
let q_t = &p - BigUint::one();
p_t.lcm(&q_t)
};
let exp = BigUint::from_u64(KEYDATA_RSA_EXP).ok_or(Error::AlgorithmError)?;
let d = exp.mod_inverse(&totient).ok_or(Error::AlgorithmError)?;
let d = d.to_biguint().ok_or(Error::AlgorithmError)?;
// We calculate the optimization values ahead of time, instead of making the user
// do so.
let dp = &d % (&p - BigUint::one());
let dq = &d % (&q - BigUint::one());
let qinv = q.clone().mod_inverse(&p).ok_or(Error::AlgorithmError)?;
let (_, qinv) = qinv.to_bytes_be();
let mut private_key = RsaPrivateKey::from_p_q(p.clone(), q.clone(), exp)
.map_err(|_| Error::AlgorithmError)?;
private_key
.precompute()
.map_err(|_| Error::AlgorithmError)?;
Ok(RsaKeyData {
p: Zeroizing::new(p.to_bytes_be()),
q: Zeroizing::new(q.to_bytes_be()),
dp: Zeroizing::new(dp.to_bytes_be()),
dq: Zeroizing::new(dq.to_bytes_be()),
qinv: Zeroizing::new(qinv),
p: Zeroizing::new(p.to_be_bytes().to_vec()),
q: Zeroizing::new(q.to_be_bytes().to_vec()),
dp: Zeroizing::new(
private_key
.dp()
.expect("invariant violation: precompute should fill the field")
.clone()
.to_be_bytes()
.to_vec(),
),
dq: Zeroizing::new(
private_key
.dq()
.expect("invariant violation: precompute should fill the field")
.clone()
.to_be_bytes()
.to_vec(),
),
qinv: Zeroizing::new(
private_key
.qinv()
.expect("invariant violation: precompute should fill the field")
.clone()
.retrieve()
.to_be_bytes()
.to_vec(),
),
})
}
@@ -1170,8 +1174,8 @@ fn read_public_key(
let exp = exp_tlv.value.to_vec();
let pubkey = RsaPublicKey::new(
BigUint::from_bytes_be(&modulus),
BigUint::from_bytes_be(&exp),
BoxedUint::from_be_slice_vartime(&modulus),
BoxedUint::from_be_slice_vartime(&exp),
)
.map_err(|_| Error::InvalidObject)?;
Ok(SubjectPublicKeyInfoOwned::from_der(
+1 -1
View File
@@ -122,7 +122,7 @@ impl Setting {
/// Get a setting boolean from an environment variable
fn from_env(key: &str) -> Option<Self> {
env::var(format!("YUBIKEY_PIV_{}", key))
env::var(format!("YUBIKEY_PIV_{key}"))
.ok()
.map(|value| Setting {
source: SettingSource::User,
+3 -2
View File
@@ -43,7 +43,7 @@ use crate::{
};
use log::{error, info};
use pcsc::Card;
use rand_core::{OsRng, RngCore};
use rand_core::{OsRng, RngCore, TryRngCore};
use std::{
cmp::{Ord, Ordering},
fmt::{self, Display},
@@ -434,7 +434,8 @@ impl YubiKey {
data[4..12].copy_from_slice(&response);
data[12] = 0x81;
data[13] = 8;
OsRng.fill_bytes(&mut data[14..22]);
let mut rng = OsRng.unwrap_err();
rng.fill_bytes(&mut data[14..22]);
let mut challenge = [0u8; 8];
challenge.copy_from_slice(&data[14..22]);