Compare commits
19 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 43dfc06875 | |||
| e230390e7e | |||
| ef3df46ed2 | |||
| 18e3636161 | |||
| 9d1da84233 | |||
| 37088bba56 | |||
| 3580c45f71 | |||
| 79c289ac00 | |||
| cbca858488 | |||
| 8b896ab4de | |||
| 24b035008c | |||
| 90bc878b21 | |||
| 08185c5ec9 | |||
| 7da2c7ba6a | |||
| fecd786262 | |||
| 1a6d1d0a71 | |||
| f43539088b | |||
| 72f63131ac | |||
| b59856d09e |
@@ -3,7 +3,7 @@ name: CI
|
||||
on:
|
||||
pull_request: {}
|
||||
push:
|
||||
branches: develop
|
||||
branches: main
|
||||
|
||||
env:
|
||||
CARGO_INCREMENTAL: 0
|
||||
@@ -36,13 +36,13 @@ jobs:
|
||||
toolchain: stable
|
||||
deps: true
|
||||
- platform: ubuntu-latest
|
||||
toolchain: 1.44.0 # MSRV
|
||||
toolchain: 1.46.0 # MSRV
|
||||
deps: sudo apt-get install libpcsclite-dev
|
||||
- platform: windows-latest
|
||||
toolchain: 1.44.0 # MSRV
|
||||
toolchain: 1.46.0 # MSRV
|
||||
deps: true
|
||||
- platform: macos-latest
|
||||
toolchain: 1.44.0 # MSRV
|
||||
toolchain: 1.46.0 # MSRV
|
||||
deps: true
|
||||
runs-on: ${{ matrix.platform }}
|
||||
steps:
|
||||
@@ -82,7 +82,7 @@ jobs:
|
||||
- uses: actions-rs/toolchain@v1
|
||||
with:
|
||||
profile: minimal
|
||||
toolchain: 1.44.0 # MSRV
|
||||
toolchain: 1.46.0 # MSRV
|
||||
components: clippy
|
||||
- run: sudo apt-get install libpcsclite-dev
|
||||
- run: cargo clippy --all --exclude crypto_box --all-features -- -D warnings
|
||||
|
||||
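Review bot: The clippy job's `- uses: actions-rs/toolchain@v1` step, an unchanged context line in the third hunk just above the bumped `toolchain: 1.46.0 # MSRV`, references a third-party action by a mutable tag. Whoever can move that tag decides what code runs in this repository's CI. For a crate that handles PIV keys and PIN-protected metadata, pin the action to a full commit SHA and keep the tag as a comment, e.g. `- uses: actions-rs/toolchain@<full-commit-sha> # v1`. The matrix job in the second hunk presumably installs its toolchain the same way, but its `steps:` lie outside the visible lines, so it should be checked as well.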
@@ -3,7 +3,7 @@ on:
|
||||
pull_request:
|
||||
paths: Cargo.lock
|
||||
push:
|
||||
branches: develop
|
||||
branches: main
|
||||
paths: Cargo.lock
|
||||
schedule:
|
||||
- cron: '0 0 * * *'
|
||||
|
||||
@@ -4,6 +4,34 @@ All notable changes to this project will be documented in this file.
|
||||
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
||||
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
||||
|
||||
## 0.3.0 (2021-03-22)
|
||||
### Added
|
||||
- Typed structs for PIN-protected and admin metadata ([#223])
|
||||
- `MgmKey::set_default`/`MgmKey::set_manual` methods ([#224])
|
||||
|
||||
### Changed
|
||||
- Have `Transaction::set_mgm_key` take touch requirement as bool ([#224])
|
||||
|
||||
### Removed
|
||||
- `MgmKey::set` method ([#224])
|
||||
|
||||
[#223]: https://github.com/iqlusioninc/yubikey-piv.rs/pull/223
|
||||
[#224]: https://github.com/iqlusioninc/yubikey-piv.rs/pull/224
|
||||
|
||||
## 0.2.0 (2021-01-30)
|
||||
### Changed
|
||||
- Bump `der-parser` to v5.0 ([#194])
|
||||
- Improve self-signed certificates ([#207])
|
||||
- Bump `x509-parser` to v0.9 ([#208])
|
||||
- Bump elliptic-curve to 0.8. Also requires bumping p256 and p384 ([#208])
|
||||
- Bump MSRV to 1.46+ ([#208])
|
||||
- Bump `pbkdf2` dependency to v0.7 ([#219])
|
||||
|
||||
[#194]: https://github.com/iqlusioninc/yubikey-piv.rs/pull/194
|
||||
[#207]: https://github.com/iqlusioninc/yubikey-piv.rs/pull/207
|
||||
[#208]: https://github.com/iqlusioninc/yubikey-piv.rs/pull/208
|
||||
[#219]: https://github.com/iqlusioninc/yubikey-piv.rs/pull/219
|
||||
|
||||
## 0.1.0 (2020-10-19)
|
||||
### Added
|
||||
- `Certificate::generate_self_signed` ([#80])
|
||||
|
||||
Generated
+220
-169
@@ -1,19 +1,21 @@
|
||||
# This file is automatically @generated by Cargo.
|
||||
# It is not intended for manual editing.
|
||||
version = 3
|
||||
|
||||
[[package]]
|
||||
name = "aho-corasick"
|
||||
version = "0.7.14"
|
||||
version = "0.7.15"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "b476ce7103678b0c6d3d395dbbae31d48ff910bd28be979ba5d48c6351131d0d"
|
||||
checksum = "7404febffaa47dac81aa44dba71523c9d069b1bdc50a77db41195149e17f68e5"
|
||||
dependencies = [
|
||||
"memchr",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "arrayvec"
|
||||
version = "0.5.1"
|
||||
version = "0.5.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "cff77d8686867eceff3105329d4698d96c2391c176d5d03adc90c7389162b5b8"
|
||||
checksum = "23b62fc65de8e4e7f52534fb52b0f3ed04746ae267519eef2a83941e8085068b"
|
||||
|
||||
[[package]]
|
||||
name = "atty"
|
||||
@@ -38,12 +40,6 @@ version = "1.0.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a"
|
||||
|
||||
[[package]]
|
||||
name = "base64"
|
||||
version = "0.12.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "3441f0f7b02788e948e47f457ca01f1d7e6d92c693bc132c22b087d3141c03ff"
|
||||
|
||||
[[package]]
|
||||
name = "base64"
|
||||
version = "0.13.0"
|
||||
@@ -58,12 +54,24 @@ checksum = "cf1de2fe8c75bc145a2f577add951f8134889b4795d47466a54a5c846d691693"
|
||||
|
||||
[[package]]
|
||||
name = "bitvec"
|
||||
version = "0.18.4"
|
||||
version = "0.18.5"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "1d2838fdd79e8776dbe07a106c784b0f8dda571a21b2750a092cc4cbaa653c8e"
|
||||
checksum = "98fcd36dda4e17b7d7abc64cb549bf0201f4ab71e00700c798ca7e62ed3761fa"
|
||||
dependencies = [
|
||||
"funty",
|
||||
"radium",
|
||||
"radium 0.3.0",
|
||||
"wyz",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "bitvec"
|
||||
version = "0.19.5"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "8942c8d352ae1838c9dda0b0ca2ab657696ef2232a20147cf1b30ae1a9cb4321"
|
||||
dependencies = [
|
||||
"funty",
|
||||
"radium 0.5.3",
|
||||
"tap",
|
||||
"wyz",
|
||||
]
|
||||
|
||||
@@ -78,27 +86,27 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "bumpalo"
|
||||
version = "3.4.0"
|
||||
version = "3.6.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "2e8c087f005730276d1096a652e92a8bacee2e2472bcc9715a74d2bec38b5820"
|
||||
checksum = "63396b8a4b9de3f4fdfb320ab6080762242f66a8ef174c49d8e19b674db4cdbe"
|
||||
|
||||
[[package]]
|
||||
name = "byteorder"
|
||||
version = "1.3.4"
|
||||
version = "1.4.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "08c48aae112d48ed9f069b33538ea9e3e90aa263cfa3d1c24309612b1f7472de"
|
||||
checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610"
|
||||
|
||||
[[package]]
|
||||
name = "cc"
|
||||
version = "1.0.61"
|
||||
version = "1.0.67"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "ed67cbde08356238e75fc4656be4749481eeffb09e19f320a25237d5221c985d"
|
||||
checksum = "e3c69b077ad434294d3ce9f1f6143a2a4b89a8a2d54ef813d85003a4fd1137fd"
|
||||
|
||||
[[package]]
|
||||
name = "cfg-if"
|
||||
version = "0.1.10"
|
||||
version = "1.0.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "4785bdd1c96b2a846b2bd7cc02e86b6b3dbf14e7e53446c4f54c92a361040822"
|
||||
checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
|
||||
|
||||
[[package]]
|
||||
name = "chrono"
|
||||
@@ -115,24 +123,24 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "cipher"
|
||||
version = "0.2.1"
|
||||
version = "0.2.5"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "a1f7954ae5588102b35257639b1c36a2e7425cc6540fcdb4de19dcb91055d659"
|
||||
checksum = "12f8e7987cbd042a63249497f41aed09f8e65add917ea6566effbc56578d6801"
|
||||
dependencies = [
|
||||
"generic-array",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "const-oid"
|
||||
version = "0.1.0"
|
||||
version = "0.4.5"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "a2d9162b7289a46e86208d6af2c686ca5bfde445878c41a458a9fac706252d0b"
|
||||
checksum = "9f6b64db6932c7e49332728e3a6bd82c6b7e16016607d20923b537c3bc4c0d5f"
|
||||
|
||||
[[package]]
|
||||
name = "cookie-factory"
|
||||
version = "0.3.1"
|
||||
version = "0.3.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "41f21b581d2f0cb891554812435667bb9610d74feb1a4c6415bf09c28ff0381d"
|
||||
checksum = "396de984970346b0d9e93d1415082923c679e5ae5c3ee3dcbd104f5610af126b"
|
||||
|
||||
[[package]]
|
||||
name = "cpuid-bool"
|
||||
@@ -152,31 +160,40 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "data-encoding"
|
||||
version = "2.3.0"
|
||||
version = "2.3.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "d4d0e2d24e5ee3b23a01de38eefdcd978907890701f08ffffd4cb457ca4ee8d6"
|
||||
checksum = "3ee2393c4a91429dffb4bedf19f4d6abf27d8a732c8ce4980305d782e5426d57"
|
||||
|
||||
[[package]]
|
||||
name = "der"
|
||||
version = "0.1.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "51f59c66c30bb7445c8320a5f9233e437e3572368099f25532a59054328899b4"
|
||||
dependencies = [
|
||||
"const-oid",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "der-oid-macro"
|
||||
version = "0.2.0"
|
||||
version = "0.3.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "e66558629d772c3be040566b7be07be8c8f5aecee95e4a092dfe2efc313277ad"
|
||||
checksum = "bd17d13ecf875e704369fdbde242483ac769fc18f6af21e43d5a692a079732fc"
|
||||
dependencies = [
|
||||
"nom",
|
||||
"num-bigint 0.3.0",
|
||||
"num-bigint 0.3.2",
|
||||
"num-traits",
|
||||
"proc-macro-hack",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "der-parser"
|
||||
version = "4.1.0"
|
||||
version = "5.0.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "caca07c50eaae94d43e21f4d14eca5543b6f5f5ce64715e9b7665ac5f5185b4e"
|
||||
checksum = "13e6cad1223a7b98b59275a56516ed8c40508d21284a32e404ed3fe2ae9a809a"
|
||||
dependencies = [
|
||||
"der-oid-macro",
|
||||
"nom",
|
||||
"num-bigint 0.3.0",
|
||||
"num-bigint 0.3.2",
|
||||
"num-traits",
|
||||
"proc-macro-hack",
|
||||
"rusticata-macros",
|
||||
@@ -203,25 +220,37 @@ dependencies = [
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "elliptic-curve"
|
||||
version = "0.6.6"
|
||||
name = "ecdsa"
|
||||
version = "0.10.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "396db09c483e7fca5d4fdb9112685632b3e76c9a607a2649c1bf904404a01366"
|
||||
checksum = "41fbdb4ff710acb4db8ca29f93b897529ea6d6a45626d5183b47e012aa6ae7e4"
|
||||
dependencies = [
|
||||
"bitvec",
|
||||
"const-oid",
|
||||
"elliptic-curve",
|
||||
"signature",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "elliptic-curve"
|
||||
version = "0.8.5"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "f2db227e61a43a34915680bdda462ec0e212095518020a88a1f91acd16092c39"
|
||||
dependencies = [
|
||||
"bitvec 0.18.5",
|
||||
"ff",
|
||||
"funty",
|
||||
"generic-array",
|
||||
"group",
|
||||
"pkcs8",
|
||||
"rand_core",
|
||||
"subtle",
|
||||
"zeroize",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "env_logger"
|
||||
version = "0.8.1"
|
||||
version = "0.8.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "54532e3223c5af90a6a757c90b5c5521564b07e5e7a958681bcd2afad421cdcd"
|
||||
checksum = "17392a012ea30ef05a610aa97dfb49496e71c9f676b27879922ea5bdf60d9d3f"
|
||||
dependencies = [
|
||||
"atty",
|
||||
"humantime",
|
||||
@@ -236,16 +265,16 @@ version = "0.8.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "01646e077d4ebda82b73f1bca002ea1e91561a77df2431a9e79729bcc31950ef"
|
||||
dependencies = [
|
||||
"bitvec",
|
||||
"bitvec 0.18.5",
|
||||
"rand_core",
|
||||
"subtle",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "funty"
|
||||
version = "1.0.1"
|
||||
version = "1.1.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "0ba62103ce691c2fd80fbae2213dfdda9ce60804973ac6b6e97de818ea7f52c8"
|
||||
checksum = "fed34cd105917e91daa4da6b3728c47b068749d6a62c59811f06ed2ac71d9da7"
|
||||
|
||||
[[package]]
|
||||
name = "generic-array"
|
||||
@@ -259,9 +288,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "getrandom"
|
||||
version = "0.1.15"
|
||||
version = "0.1.16"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "fc587bc0ec293155d5bfa6b9891ec18a1e330c234f896ea47fbada4cadbe47e6"
|
||||
checksum = "8fc3cb4d91f53b50155bdcfd23f6a4c39ae1969c2ae85982b135750cccaf5fce"
|
||||
dependencies = [
|
||||
"cfg-if",
|
||||
"libc",
|
||||
@@ -301,9 +330,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "hermit-abi"
|
||||
version = "0.1.17"
|
||||
version = "0.1.18"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "5aca5565f760fb5b220e499d72710ed156fdb74e631659e99377d9ebfbd13ae8"
|
||||
checksum = "322f4de77956e22ed0e5032c359a0f1273f1f7f0d79bfa3b8ffbc730d7fbcc5c"
|
||||
dependencies = [
|
||||
"libc",
|
||||
]
|
||||
@@ -320,15 +349,15 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "humantime"
|
||||
version = "2.0.1"
|
||||
version = "2.1.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "3c1ad908cc71012b7bea4d0c53ba96a8cba9962f048fa68d143376143d863b7a"
|
||||
checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4"
|
||||
|
||||
[[package]]
|
||||
name = "js-sys"
|
||||
version = "0.3.45"
|
||||
version = "0.3.49"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "ca059e81d9486668f12d455a4ea6daa600bd408134cd17e3d3fb5a32d1f016f8"
|
||||
checksum = "dc15e39392125075f60c95ba416f5381ff6c3a948ff02ab12464715adf56c821"
|
||||
dependencies = [
|
||||
"wasm-bindgen",
|
||||
]
|
||||
@@ -344,9 +373,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "lexical-core"
|
||||
version = "0.7.4"
|
||||
version = "0.7.5"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "db65c6da02e61f55dae90a0ae427b2a5f6b3e8db09f58d10efab23af92592616"
|
||||
checksum = "21f866863575d0e1d654fbeeabdc927292fdf862873dc3c96c6f753357e13374"
|
||||
dependencies = [
|
||||
"arrayvec",
|
||||
"bitflags",
|
||||
@@ -357,9 +386,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "libc"
|
||||
version = "0.2.79"
|
||||
version = "0.2.90"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "2448f6066e80e3bfc792e9c98bf705b4b0fc6e8ef5b43e5889aff0eaa9c58743"
|
||||
checksum = "ba4aede83fc3617411dc6993bc8c70919750c1c257c6ca6a502aed6e0e2394ae"
|
||||
|
||||
[[package]]
|
||||
name = "libm"
|
||||
@@ -369,25 +398,27 @@ checksum = "c7d73b3f436185384286bd8098d17ec07c9a7d2388a6599f824d8502b529702a"
|
||||
|
||||
[[package]]
|
||||
name = "log"
|
||||
version = "0.4.11"
|
||||
version = "0.4.14"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "4fabed175da42fed1fa0746b0ea71f412aa9d35e76e95e59b192c64b9dc2bf8b"
|
||||
checksum = "51b9bbe6c47d51fc3e1a9b945965946b4c44142ab8792c50835a980d362c2710"
|
||||
dependencies = [
|
||||
"cfg-if",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "memchr"
|
||||
version = "2.3.3"
|
||||
version = "2.3.4"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "3728d817d99e5ac407411fa471ff9800a778d88a24685968b36824eaf4bee400"
|
||||
checksum = "0ee1c47aaa256ecabcaea351eae4a9b01ef39ed810004e298d2511ed284b1525"
|
||||
|
||||
[[package]]
|
||||
name = "nom"
|
||||
version = "5.1.2"
|
||||
version = "6.1.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "ffb4262d26ed83a1c0a33a38fe2bb15797329c85770da05e6b828ddb782627af"
|
||||
checksum = "e7413f999671bd4745a7b624bd370a569fb6bc574b23c83a3c5ed2e453f3d5e2"
|
||||
dependencies = [
|
||||
"bitvec 0.19.5",
|
||||
"funty",
|
||||
"lexical-core",
|
||||
"memchr",
|
||||
"version_check",
|
||||
@@ -406,9 +437,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "num-bigint"
|
||||
version = "0.3.0"
|
||||
version = "0.3.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "b7f3fc75e3697059fb1bc465e3d8cca6cf92f56854f201158b3f9c77d5a3cfa0"
|
||||
checksum = "7d0a3d5e207573f948a9e5376662aa743a2ea13f7c50a554d7af443a73fbfeba"
|
||||
dependencies = [
|
||||
"autocfg 1.0.1",
|
||||
"num-integer",
|
||||
@@ -417,9 +448,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "num-bigint-dig"
|
||||
version = "0.6.0"
|
||||
version = "0.6.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "b3d03c330f9f7a2c19e3c0b42698e48141d0809c78cd9b6219f85bd7d7e892aa"
|
||||
checksum = "5d51546d704f52ef14b3c962b5776e53d5b862e5790e40a350d366c209bd7f7a"
|
||||
dependencies = [
|
||||
"autocfg 0.1.7",
|
||||
"byteorder",
|
||||
@@ -436,9 +467,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "num-integer"
|
||||
version = "0.1.43"
|
||||
version = "0.1.44"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "8d59457e662d541ba17869cf51cf177c0b5f0cbf476c66bdc90bf1edac4f875b"
|
||||
checksum = "d2cc698a63b549a70bc047073d2949cce27cd1c7b0a4a862d08a8031bc2801db"
|
||||
dependencies = [
|
||||
"autocfg 1.0.1",
|
||||
"num-traits",
|
||||
@@ -446,9 +477,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "num-iter"
|
||||
version = "0.1.41"
|
||||
version = "0.1.42"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "7a6e6b7c748f995c4c29c5f5ae0248536e04a5739927c74ec0fa564805094b9f"
|
||||
checksum = "b2021c8337a54d21aca0d59a92577a029af9431cb59b909b03252b9c164fad59"
|
||||
dependencies = [
|
||||
"autocfg 1.0.1",
|
||||
"num-integer",
|
||||
@@ -457,18 +488,27 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "num-traits"
|
||||
version = "0.2.12"
|
||||
version = "0.2.14"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "ac267bcc07f48ee5f8935ab0d24f316fb722d7a1292e2913f0cc196b29ffd611"
|
||||
checksum = "9a64b1ec5cda2586e284722486d802acf1f7dbdc623e2bfc57e65ca1cd099290"
|
||||
dependencies = [
|
||||
"autocfg 1.0.1",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "once_cell"
|
||||
version = "1.4.1"
|
||||
name = "oid-registry"
|
||||
version = "0.1.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "260e51e7efe62b592207e9e13a68e43692a7a279171d6ba57abd208bf23645ad"
|
||||
checksum = "2508c8f170e55be68508b1113956a760a82684f42022f8834fb16ca198621211"
|
||||
dependencies = [
|
||||
"der-parser",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "once_cell"
|
||||
version = "1.7.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "af8b08b04175473088b46763e51ee54da5f9a164bc162f615b91bc179dbf15a3"
|
||||
|
||||
[[package]]
|
||||
name = "opaque-debug"
|
||||
@@ -478,35 +518,30 @@ checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5"
|
||||
|
||||
[[package]]
|
||||
name = "p256"
|
||||
version = "0.5.2"
|
||||
version = "0.7.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "280ed58e7e5f3052b6e2f596fa40c7eff4c27c4b6b6deecb5d685ba5c2080980"
|
||||
checksum = "7ca0196a204bb3f33305ba4a48b38f6e6e621cba8603a4e0650e6532e0949de4"
|
||||
dependencies = [
|
||||
"ecdsa",
|
||||
"elliptic-curve",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "p384"
|
||||
version = "0.4.1"
|
||||
version = "0.6.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "06de0548166c258c22bb6bdcff3074eac4b07125040aa74db3f61db87fe5f275"
|
||||
checksum = "ea33960aac2200d19a5c9ab06a11ebd48a37a23144496632c358182e6765d80b"
|
||||
dependencies = [
|
||||
"elliptic-curve",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "pbkdf2"
|
||||
version = "0.6.0"
|
||||
version = "0.7.4"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "b3b8c0d71734018084da0c0354193a5edfb81b20d2d57a92c5b154aefc554a4a"
|
||||
checksum = "297e1dad0e9de7af53235b833761351bf6bda57d6acb4f263b61a2ddf674f1dc"
|
||||
dependencies = [
|
||||
"base64 0.13.0",
|
||||
"crypto-mac",
|
||||
"hmac",
|
||||
"rand",
|
||||
"rand_core",
|
||||
"sha2",
|
||||
"subtle",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
@@ -530,15 +565,24 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "pem"
|
||||
version = "0.8.1"
|
||||
version = "0.8.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "59698ea79df9bf77104aefd39cc3ec990cb9693fb59c3b0a70ddf2646fdffb4b"
|
||||
checksum = "fd56cbd21fea48d0c440b41cd69c589faacade08c992d9a54e471b79d0fd13eb"
|
||||
dependencies = [
|
||||
"base64 0.12.3",
|
||||
"base64",
|
||||
"once_cell",
|
||||
"regex",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "pkcs8"
|
||||
version = "0.3.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "b4839a901843f3942576e65857f0ebf2e190ef7024d3c62a94099ba3f819ad1d"
|
||||
dependencies = [
|
||||
"der",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "pkg-config"
|
||||
version = "0.3.19"
|
||||
@@ -547,15 +591,15 @@ checksum = "3831453b3449ceb48b6d9c7ad7c96d5ea673e9b470a1dc578c2ce6521230884c"
|
||||
|
||||
[[package]]
|
||||
name = "ppv-lite86"
|
||||
version = "0.2.9"
|
||||
version = "0.2.10"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "c36fa947111f5c62a733b652544dd0016a43ce89619538a8ef92724a6f501a20"
|
||||
checksum = "ac74c624d6b2d21f425f752262f42188365d7b8ff1aff74c82e45136510a4857"
|
||||
|
||||
[[package]]
|
||||
name = "proc-macro-hack"
|
||||
version = "0.5.18"
|
||||
version = "0.5.19"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "99c605b9a0adc77b7211c6b1f722dcb613d68d66859a44f3d485a6da332b0598"
|
||||
checksum = "dbf0c48bc1d91375ae5c3cd81e3722dff1abcf81a30960240640d223f59fe0e5"
|
||||
|
||||
[[package]]
|
||||
name = "proc-macro2"
|
||||
@@ -568,18 +612,24 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "quote"
|
||||
version = "1.0.7"
|
||||
version = "1.0.9"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "aa563d17ecb180e500da1cfd2b028310ac758de548efdd203e18f283af693f37"
|
||||
checksum = "c3d0b9745dc2debf507c8422de05d7226cc1f0644216dfdfead988f9b1ab32a7"
|
||||
dependencies = [
|
||||
"proc-macro2",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "radium"
|
||||
version = "0.4.1"
|
||||
version = "0.3.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "64de9a0c5361e034f1aefc9f71a86871ec870e766fe31a009734a989b329286a"
|
||||
checksum = "def50a86306165861203e7f84ecffbbdfdea79f0e51039b33de1e952358c47ac"
|
||||
|
||||
[[package]]
|
||||
name = "radium"
|
||||
version = "0.5.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "941ba9d78d8e2f7ce474c015eea4d9c6d25b6a3327f9832ee29a4de27f91bbb8"
|
||||
|
||||
[[package]]
|
||||
name = "rand"
|
||||
@@ -624,27 +674,26 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "regex"
|
||||
version = "1.4.1"
|
||||
version = "1.4.5"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "8963b85b8ce3074fecffde43b4b0dded83ce2f367dc8d363afc56679f3ee820b"
|
||||
checksum = "957056ecddbeba1b26965114e191d2e8589ce74db242b6ea25fc4062427a5c19"
|
||||
dependencies = [
|
||||
"aho-corasick",
|
||||
"memchr",
|
||||
"regex-syntax",
|
||||
"thread_local",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "regex-syntax"
|
||||
version = "0.6.20"
|
||||
version = "0.6.23"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "8cab7a364d15cde1e505267766a2d3c4e22a843e1a601f0fa7564c0f82ced11c"
|
||||
checksum = "24d5f089152e60f62d28b835fbff2cd2e8dc0baf1ac13343bef92ab7eed84548"
|
||||
|
||||
[[package]]
|
||||
name = "ring"
|
||||
version = "0.16.15"
|
||||
version = "0.16.20"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "952cd6b98c85bbc30efa1ba5783b8abf12fec8b3287ffa52605b9432313e34e4"
|
||||
checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc"
|
||||
dependencies = [
|
||||
"cc",
|
||||
"libc",
|
||||
@@ -679,23 +728,18 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "rusticata-macros"
|
||||
version = "2.1.0"
|
||||
version = "3.0.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "f8a9050636e8a1b487ba1fbe99114021cd7594dde3ce6ed95bfc1691e5b5367b"
|
||||
checksum = "7390af60e66c44130b4c5ea85f2555b7ace835d73b4b889c704dc3cb4c0468c8"
|
||||
dependencies = [
|
||||
"nom",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "rustversion"
|
||||
version = "1.0.3"
|
||||
version = "1.0.4"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "b9bdc5e856e51e685846fb6c13a1f5e5432946c2c90501bdc76a1319f19e29da"
|
||||
dependencies = [
|
||||
"proc-macro2",
|
||||
"quote",
|
||||
"syn",
|
||||
]
|
||||
checksum = "cb5d2a036dc6d2d8fd16fde3498b04306e29bd193bf306a57427019b823d5acd"
|
||||
|
||||
[[package]]
|
||||
name = "ryu"
|
||||
@@ -714,15 +758,15 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "serde"
|
||||
version = "1.0.117"
|
||||
version = "1.0.124"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "b88fa983de7720629c9387e9f517353ed404164b1e482c970a90c1a4aaf7dc1a"
|
||||
checksum = "bd761ff957cb2a45fbb9ab3da6512de9de55872866160b23c25f1a841e99d29f"
|
||||
|
||||
[[package]]
|
||||
name = "sha-1"
|
||||
version = "0.9.1"
|
||||
version = "0.9.4"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "170a36ea86c864a3f16dd2687712dd6646f7019f301e57537c7f4dc9f5916770"
|
||||
checksum = "dfebf75d25bd900fd1e7d11501efab59bc846dbc76196839663e6637bba9f25f"
|
||||
dependencies = [
|
||||
"block-buffer",
|
||||
"cfg-if",
|
||||
@@ -733,9 +777,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "sha2"
|
||||
version = "0.9.1"
|
||||
version = "0.9.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "2933378ddfeda7ea26f48c555bdad8bb446bf8a3d17832dc83e380d444cfb8c1"
|
||||
checksum = "fa827a14b29ab7f44778d14a88d3cb76e949c45083f7dbfa507d0cb699dc12de"
|
||||
dependencies = [
|
||||
"block-buffer",
|
||||
"cfg-if",
|
||||
@@ -744,6 +788,15 @@ dependencies = [
|
||||
"opaque-debug",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "signature"
|
||||
version = "1.2.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "29f060a7d147e33490ec10da418795238fd7545bba241504d6b31a409f2e6210"
|
||||
dependencies = [
|
||||
"rand_core",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "simple_asn1"
|
||||
version = "0.4.1"
|
||||
@@ -757,9 +810,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "smallvec"
|
||||
version = "1.4.2"
|
||||
version = "1.6.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "fbee7696b84bbf3d89a1c2eccff0850e3047ed46bfcd2e92c29a2d074d57e252"
|
||||
checksum = "fe0f37c9e8f3c5a4a66ad655a93c74daac4ad00c441533bf5c6e7990bb42604e"
|
||||
|
||||
[[package]]
|
||||
name = "spin"
|
||||
@@ -775,9 +828,9 @@ checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f"
|
||||
|
||||
[[package]]
|
||||
name = "subtle"
|
||||
version = "2.3.0"
|
||||
version = "2.4.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "343f3f510c2915908f155e94f17220b19ccfacf2a64a2a5d8004f2c3e311e7fd"
|
||||
checksum = "1e81da0851ada1f3e9d4312c704aa4f8806f0f9d69faaf8df2f3464b4a9437c2"
|
||||
|
||||
[[package]]
|
||||
name = "subtle-encoding"
|
||||
@@ -790,9 +843,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "syn"
|
||||
version = "1.0.45"
|
||||
version = "1.0.64"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "ea9c5432ff16d6152371f808fb5a871cd67368171b09bb21b43df8e4a47a3556"
|
||||
checksum = "3fd9d1e9976102a03c542daa2eff1b43f9d72306342f3f8b3ed5fb8908195d6f"
|
||||
dependencies = [
|
||||
"proc-macro2",
|
||||
"quote",
|
||||
@@ -812,43 +865,40 @@ dependencies = [
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "termcolor"
|
||||
version = "1.1.0"
|
||||
name = "tap"
|
||||
version = "1.0.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "bb6bfa289a4d7c5766392812c0a1f4c1ba45afa1ad47803c11e1f407d846d75f"
|
||||
checksum = "55937e1799185b12863d447f42597ed69d9928686b8d88a1df17376a097d8369"
|
||||
|
||||
[[package]]
|
||||
name = "termcolor"
|
||||
version = "1.1.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "2dfed899f0eb03f32ee8c6a0aabdb8a7949659e3466561fc0adf54e26d88c5f4"
|
||||
dependencies = [
|
||||
"winapi-util",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "thiserror"
|
||||
version = "1.0.21"
|
||||
version = "1.0.24"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "318234ffa22e0920fe9a40d7b8369b5f649d490980cf7aadcf1eb91594869b42"
|
||||
checksum = "e0f4a65597094d4483ddaed134f409b2cb7c1beccf25201a9f73c719254fa98e"
|
||||
dependencies = [
|
||||
"thiserror-impl",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "thiserror-impl"
|
||||
version = "1.0.21"
|
||||
version = "1.0.24"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "cae2447b6282786c3493999f40a9be2a6ad20cb8bd268b0a0dbf5a065535c0ab"
|
||||
checksum = "7765189610d8241a44529806d6fd1f2e0a08734313a35d5b3a556f92b381f3c0"
|
||||
dependencies = [
|
||||
"proc-macro2",
|
||||
"quote",
|
||||
"syn",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "thread_local"
|
||||
version = "1.0.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "d40c6d1b69745a6ec6fb1ca717914848da4b44ae29d9b3080cbee91d72a69b14"
|
||||
dependencies = [
|
||||
"lazy_static",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "time"
|
||||
version = "0.1.44"
|
||||
@@ -862,9 +912,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "typenum"
|
||||
version = "1.12.0"
|
||||
version = "1.13.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "373c8a200f9e67a0c95e62a4f52fbf80c23b4381c05a17845531982fa99e6b33"
|
||||
checksum = "879f6906492a7cd215bfa4cf595b600146ccfac0c79bcbd1f3000162af5e8b06"
|
||||
|
||||
[[package]]
|
||||
name = "unicode-xid"
|
||||
@@ -880,9 +930,9 @@ checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a"
|
||||
|
||||
[[package]]
|
||||
name = "version_check"
|
||||
version = "0.9.2"
|
||||
version = "0.9.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "b5a972e5669d67ba988ce3dc826706fb0a8b01471c088cb0b6110b805cc36aed"
|
||||
checksum = "5fecdca9a5291cc2b8dcf7dc02453fee791a280f3743cb0905f8822ae463b3fe"
|
||||
|
||||
[[package]]
|
||||
name = "wasi"
|
||||
@@ -898,9 +948,9 @@ checksum = "1a143597ca7c7793eff794def352d41792a93c481eb1042423ff7ff72ba2c31f"
|
||||
|
||||
[[package]]
|
||||
name = "wasm-bindgen"
|
||||
version = "0.2.68"
|
||||
version = "0.2.72"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "1ac64ead5ea5f05873d7c12b545865ca2b8d28adfc50a49b84770a3a97265d42"
|
||||
checksum = "8fe8f61dba8e5d645a4d8132dc7a0a66861ed5e1045d2c0ed940fab33bac0fbe"
|
||||
dependencies = [
|
||||
"cfg-if",
|
||||
"wasm-bindgen-macro",
|
||||
@@ -908,9 +958,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "wasm-bindgen-backend"
|
||||
version = "0.2.68"
|
||||
version = "0.2.72"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "f22b422e2a757c35a73774860af8e112bff612ce6cb604224e8e47641a9e4f68"
|
||||
checksum = "046ceba58ff062da072c7cb4ba5b22a37f00a302483f7e2a6cdc18fedbdc1fd3"
|
||||
dependencies = [
|
||||
"bumpalo",
|
||||
"lazy_static",
|
||||
@@ -923,9 +973,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "wasm-bindgen-macro"
|
||||
version = "0.2.68"
|
||||
version = "0.2.72"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "6b13312a745c08c469f0b292dd2fcd6411dba5f7160f593da6ef69b64e407038"
|
||||
checksum = "0ef9aa01d36cda046f797c57959ff5f3c615c9cc63997a8d545831ec7976819b"
|
||||
dependencies = [
|
||||
"quote",
|
||||
"wasm-bindgen-macro-support",
|
||||
@@ -933,9 +983,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "wasm-bindgen-macro-support"
|
||||
version = "0.2.68"
|
||||
version = "0.2.72"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "f249f06ef7ee334cc3b8ff031bfc11ec99d00f34d86da7498396dc1e3b1498fe"
|
||||
checksum = "96eb45c1b2ee33545a813a92dbb53856418bf7eb54ab34f7f7ff1448a5b3735d"
|
||||
dependencies = [
|
||||
"proc-macro2",
|
||||
"quote",
|
||||
@@ -946,15 +996,15 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "wasm-bindgen-shared"
|
||||
version = "0.2.68"
|
||||
version = "0.2.72"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "1d649a3145108d7d3fbcde896a468d1bd636791823c9921135218ad89be08307"
|
||||
checksum = "b7148f4696fb4960a346eaa60bbfb42a1ac4ebba21f750f75fc1375b098d5ffa"
|
||||
|
||||
[[package]]
|
||||
name = "web-sys"
|
||||
version = "0.3.45"
|
||||
version = "0.3.49"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "4bf6ef87ad7ae8008e15a355ce696bed26012b7caa21605188cfd8214ab51e2d"
|
||||
checksum = "59fe19d70f5dacc03f6e46777213facae5ac3801575d56ca6cbd4c93dcd12310"
|
||||
dependencies = [
|
||||
"js-sys",
|
||||
"wasm-bindgen",
|
||||
@@ -999,9 +1049,9 @@ checksum = "85e60b0d1b5f99db2556934e21937020776a5d31520bf169e851ac44e6420214"
|
||||
|
||||
[[package]]
|
||||
name = "x509"
|
||||
version = "0.1.2"
|
||||
version = "0.2.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "9335b8ff50b6a0de184b3eeb11fdce74224e3af90ca7265012512e73fc999d1a"
|
||||
checksum = "ca3cec94c3999f31341553f358ef55f65fc031291a022cd42ec0ce7219560c76"
|
||||
dependencies = [
|
||||
"chrono",
|
||||
"cookie-factory",
|
||||
@@ -1009,18 +1059,19 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "x509-parser"
|
||||
version = "0.8.2"
|
||||
version = "0.9.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "a76245c48460d72a3e17ad3a01855c3cae98601bb992091c1c1421c77d1cb27c"
|
||||
checksum = "db7999ae290e75ec1d4dc8e9ff9870e48e3542a8f2e9c1e2e07d7ca02b459e10"
|
||||
dependencies = [
|
||||
"base64 0.13.0",
|
||||
"base64",
|
||||
"chrono",
|
||||
"data-encoding",
|
||||
"der-oid-macro",
|
||||
"der-parser",
|
||||
"lazy_static",
|
||||
"nom",
|
||||
"num-bigint 0.3.0",
|
||||
"num-bigint 0.3.2",
|
||||
"oid-registry",
|
||||
"rusticata-macros",
|
||||
"rustversion",
|
||||
"thiserror",
|
||||
@@ -1028,7 +1079,7 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "yubikey-cli"
|
||||
version = "0.1.0"
|
||||
version = "0.2.0"
|
||||
dependencies = [
|
||||
"env_logger",
|
||||
"gumdrop",
|
||||
@@ -1043,7 +1094,7 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "yubikey-piv"
|
||||
version = "0.1.0"
|
||||
version = "0.3.0"
|
||||
dependencies = [
|
||||
"chrono",
|
||||
"cookie-factory",
|
||||
@@ -1077,9 +1128,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "zeroize"
|
||||
version = "1.1.1"
|
||||
version = "1.2.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "05f33972566adbd2d3588b0491eb94b98b43695c4ef897903470ede4f3f5a28a"
|
||||
checksum = "81a974bcdd357f0dca4d41677db03436324d45a4c9ed2d0b873a5a360ce41c36"
|
||||
dependencies = [
|
||||
"zeroize_derive",
|
||||
]
|
||||
|
||||
+10
-10
@@ -1,6 +1,6 @@
|
||||
[package]
|
||||
name = "yubikey-piv"
|
||||
version = "0.1.0" # Also update html_root_url in lib.rs when bumping this
|
||||
version = "0.3.0" # Also update html_root_url in lib.rs when bumping this
|
||||
description = """
|
||||
Pure Rust host-side driver for the YubiKey Personal Identity Verification (PIV)
|
||||
application providing general-purpose public-key signing and encryption
|
||||
@@ -24,19 +24,19 @@ maintenance = { status = "experimental" }
|
||||
[dependencies]
|
||||
chrono = "0.4"
|
||||
cookie-factory = "0.3"
|
||||
der-parser = "4"
|
||||
der-parser = "5"
|
||||
des = "0.6"
|
||||
elliptic-curve = "0.6"
|
||||
elliptic-curve = "0.8"
|
||||
getrandom = "0.1"
|
||||
hmac = "0.10"
|
||||
log = "0.4"
|
||||
nom = "5"
|
||||
nom = "6"
|
||||
num-bigint = { version = "0.6", features = ["rand"], package = "num-bigint-dig" }
|
||||
num-traits = "0.2"
|
||||
num-integer = "0.1"
|
||||
pbkdf2 = "0.6"
|
||||
p256 = "0.5"
|
||||
p384 = "0.4"
|
||||
pbkdf2 = { version = "0.7", default-features = false }
|
||||
p256 = "0.7"
|
||||
p384 = "0.6"
|
||||
pcsc = "2"
|
||||
rsa = "0.3"
|
||||
secrecy = "0.7"
|
||||
@@ -44,13 +44,13 @@ sha-1 = "0.9"
|
||||
sha2 = "0.9"
|
||||
subtle = "2"
|
||||
subtle-encoding = "0.5"
|
||||
x509 = "0.1.2"
|
||||
x509-parser = "0.8"
|
||||
x509 = "0.2"
|
||||
x509-parser = "0.9"
|
||||
zeroize = "1"
|
||||
|
||||
[dev-dependencies]
|
||||
env_logger = "0.8"
|
||||
ring = "0.16.15"
|
||||
ring = "0.16.18"
|
||||
lazy_static = "1"
|
||||
|
||||
[features]
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
<img src="https://raw.githubusercontent.com/iqlusioninc/yubikey-piv.rs/develop/img/logo.png" width="150" height="110">
|
||||
<img src="https://raw.githubusercontent.com/iqlusioninc/yubikey-piv.rs/main/img/logo.png" width="150" height="110">
|
||||
|
||||
# yubikey-piv.rs
|
||||
|
||||
@@ -36,7 +36,7 @@ endorsed by Yubico.
|
||||
|
||||
## Minimum Supported Rust Version
|
||||
|
||||
- Rust **1.44** or newer
|
||||
- Rust **1.46** or newer
|
||||
|
||||
## Supported YubiKeys
|
||||
|
||||
@@ -193,12 +193,12 @@ or conditions.
|
||||
[docs-image]: https://docs.rs/yubikey-piv/badge.svg
|
||||
[docs-link]: https://docs.rs/yubikey-piv/
|
||||
[license-image]: https://img.shields.io/badge/license-BSD-blue.svg
|
||||
[license-link]: https://github.com/iqlusioninc/yubikey-piv.rs/blob/develop/COPYING
|
||||
[rustc-image]: https://img.shields.io/badge/rustc-1.44+-blue.svg
|
||||
[license-link]: https://github.com/iqlusioninc/yubikey-piv.rs/blob/main/COPYING
|
||||
[rustc-image]: https://img.shields.io/badge/rustc-1.46+-blue.svg
|
||||
[maintenance-image]: https://img.shields.io/badge/maintenance-experimental-blue.svg
|
||||
[safety-image]: https://img.shields.io/badge/unsafe-forbidden-success.svg
|
||||
[safety-link]: https://github.com/rust-secure-code/safety-dance/
|
||||
[build-image]: https://github.com/iqlusioninc/yubikey-piv.rs/workflows/CI/badge.svg?branch=develop&event=push
|
||||
[build-image]: https://github.com/iqlusioninc/yubikey-piv.rs/workflows/CI/badge.svg?branch=main&event=push
|
||||
[build-link]: https://github.com/iqlusioninc/yubikey-piv.rs/actions
|
||||
[gitter-image]: https://badges.gitter.im/badge.svg
|
||||
[gitter-link]: https://gitter.im/iqlusioninc/community
|
||||
@@ -214,7 +214,7 @@ or conditions.
|
||||
[yubico-piv-tool]: https://github.com/Yubico/yubico-piv-tool/
|
||||
[Corrode]: https://github.com/jameysharp/corrode
|
||||
[cc-web]: https://contributor-covenant.org/
|
||||
[cc-md]: https://github.com/iqlusioninc/yubikey-piv.rs/blob/develop/CODE_OF_CONDUCT.md
|
||||
[cc-md]: https://github.com/iqlusioninc/yubikey-piv.rs/blob/main/CODE_OF_CONDUCT.md
|
||||
[BSDL]: https://opensource.org/licenses/BSD-2-Clause
|
||||
|
||||
[//]: # (github issues)
|
||||
|
||||
@@ -4,6 +4,14 @@ All notable changes to this project will be documented in this file.
|
||||
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
||||
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
||||
|
||||
## 0.2.0 (2021-01-30)
|
||||
### Changed
|
||||
- Bump MSRV to 1.46+ ([#208])
|
||||
- Bump `yubikey-piv` dependency to v0.2.0 ([#220])
|
||||
|
||||
[#208]: https://github.com/iqlusioninc/yubikey-piv.rs/pull/208
|
||||
[#220]: https://github.com/iqlusioninc/yubikey-piv.rs/pull/220
|
||||
|
||||
## 0.1.0 (2020-10-19)
|
||||
### Added
|
||||
- `status` command ([#72], [#74])
|
||||
|
||||
+3
-3
@@ -1,6 +1,6 @@
|
||||
[package]
|
||||
name = "yubikey-cli"
|
||||
version = "0.1.0"
|
||||
version = "0.2.0"
|
||||
description = """
|
||||
Command-line interface for performing encryption and signing using RSA/ECC keys
|
||||
stored on YubiKey devices.
|
||||
@@ -21,5 +21,5 @@ log = "0.4"
|
||||
sha2 = "0.9"
|
||||
subtle-encoding = "0.5"
|
||||
termcolor = "1"
|
||||
x509-parser = "0.8"
|
||||
yubikey-piv = { version = "0.1", path = ".." }
|
||||
x509-parser = "0.9"
|
||||
yubikey-piv = { version = "0.3", path = ".." }
|
||||
|
||||
+3
-3
@@ -1,4 +1,4 @@
|
||||
<img src="https://raw.githubusercontent.com/iqlusioninc/yubikey-piv.rs/develop/img/logo.png" width="150" height="110">
|
||||
<img src="https://raw.githubusercontent.com/iqlusioninc/yubikey-piv.rs/main/img/logo.png" width="150" height="110">
|
||||
|
||||
# yubikey-cli.rs
|
||||
|
||||
@@ -92,7 +92,7 @@ or conditions.
|
||||
[maintenance-image]: https://img.shields.io/badge/maintenance-experimental-blue.svg
|
||||
[safety-image]: https://img.shields.io/badge/unsafe-forbidden-success.svg
|
||||
[safety-link]: https://github.com/rust-secure-code/safety-dance/
|
||||
[build-image]: https://github.com/iqlusioninc/yubikey-piv.rs/workflows/Rust/badge.svg?branch=develop&event=push
|
||||
[build-image]: https://github.com/iqlusioninc/yubikey-piv.rs/workflows/CI/badge.svg?branch=main&event=push
|
||||
[build-link]: https://github.com/iqlusioninc/yubikey-piv.rs/actions
|
||||
[gitter-image]: https://badges.gitter.im/badge.svg
|
||||
[gitter-link]: https://gitter.im/iqlusioninc/community
|
||||
@@ -108,5 +108,5 @@ or conditions.
|
||||
[yubico-piv-tool]: https://github.com/Yubico/yubico-piv-tool/
|
||||
[Corrode]: https://github.com/jameysharp/corrode
|
||||
[cc-web]: https://contributor-covenant.org/
|
||||
[cc-md]: https://github.com/iqlusioninc/yubikey-cli.rs/blob/develop/CODE_OF_CONDUCT.md
|
||||
[cc-md]: https://github.com/iqlusioninc/yubikey-cli.rs/blob/main/CODE_OF_CONDUCT.md
|
||||
[BSDL]: https://opensource.org/licenses/BSD-2-Clause
|
||||
|
||||
+2
-2
@@ -19,7 +19,7 @@ use std::io::{self, Write};
|
||||
use std::str;
|
||||
use subtle_encoding::hex;
|
||||
use termcolor::{ColorSpec, StandardStreamLock, WriteColor};
|
||||
use x509_parser::parse_x509_der;
|
||||
use x509_parser::parse_x509_certificate;
|
||||
use yubikey_piv::{certificate::Certificate, key::*, YubiKey};
|
||||
|
||||
///Write information about certificate found in slot a la yubico-piv-tool output.
|
||||
@@ -41,7 +41,7 @@ pub fn print_cert_info(
|
||||
let fingerprint = Sha256::digest(&buf);
|
||||
let slot_id: u8 = slot.into();
|
||||
print_cert_attr(stream, "Slot", format!("{:x}", slot_id))?;
|
||||
match parse_x509_der(&buf) {
|
||||
match parse_x509_certificate(&buf) {
|
||||
Ok((_rem, cert)) => {
|
||||
print_cert_attr(
|
||||
stream,
|
||||
|
||||
+30
-15
@@ -49,7 +49,8 @@ use sha2::{Digest, Sha256};
|
||||
use std::convert::TryFrom;
|
||||
use std::fmt;
|
||||
use std::ops::DerefMut;
|
||||
use x509_parser::{parse_x509_der, x509::SubjectPublicKeyInfo};
|
||||
use x509::{der::Oid, RelativeDistinguishedName};
|
||||
use x509_parser::{parse_x509_certificate, x509::SubjectPublicKeyInfo};
|
||||
use zeroize::Zeroizing;
|
||||
|
||||
use crate::CB_OBJ_MAX;
|
||||
@@ -205,7 +206,13 @@ impl PublicKeyInfo {
|
||||
}
|
||||
OID_EC_PUBLIC_KEY => {
|
||||
let key_bytes = &subject_pki.subject_public_key.data;
|
||||
match read_pki::ec_parameters(&subject_pki.algorithm.parameters)? {
|
||||
let algorithm_parameters = subject_pki
|
||||
.algorithm
|
||||
.parameters
|
||||
.as_ref()
|
||||
.ok_or(Error::InvalidObject)?;
|
||||
|
||||
match read_pki::ec_parameters(algorithm_parameters)? {
|
||||
AlgorithmId::EccP256 => EcPublicKey::from_bytes(key_bytes)
|
||||
.map(PublicKeyInfo::EcP256)
|
||||
.map_err(|_| Error::InvalidObject),
|
||||
@@ -331,19 +338,21 @@ impl<'a> TryFrom<&'a [u8]> for Certificate {
|
||||
impl Certificate {
|
||||
/// Creates a new self-signed certificate for the given key. Writes the resulting
|
||||
/// certificate to the slot before returning it.
|
||||
pub fn generate_self_signed(
|
||||
///
|
||||
/// `extensions` is optional; if empty, no extensions will be included. Due to the
|
||||
/// need for an `O: Oid` type parameter, users who do not have any extensions should
|
||||
/// use the workaround `let extensions: &[x509::Extension<'_, &[u64]>] = &[];`.
|
||||
pub fn generate_self_signed<O: Oid>(
|
||||
yubikey: &mut YubiKey,
|
||||
key: SlotId,
|
||||
serial: impl Into<Serial>,
|
||||
not_after: Option<DateTime<Utc>>,
|
||||
subject: String,
|
||||
subject: &[RelativeDistinguishedName<'_>],
|
||||
subject_pki: PublicKeyInfo,
|
||||
extensions: &[x509::Extension<'_, O>],
|
||||
) -> Result<Self, Error> {
|
||||
let serial = serial.into();
|
||||
|
||||
// Issuer and subject are the same in self-signed certificates
|
||||
let issuer = subject.clone();
|
||||
|
||||
let mut tbs_cert = Buffer::new(Vec::with_capacity(CB_OBJ_MAX));
|
||||
|
||||
let signature_algorithm = match subject_pki.algorithm() {
|
||||
@@ -355,11 +364,13 @@ impl Certificate {
|
||||
x509::write::tbs_certificate(
|
||||
&serial.to_bytes(),
|
||||
&signature_algorithm,
|
||||
&issuer,
|
||||
// Issuer and subject are the same in self-signed certificates.
|
||||
&subject,
|
||||
Utc::now(),
|
||||
not_after,
|
||||
&subject,
|
||||
&subject_pki,
|
||||
&extensions,
|
||||
),
|
||||
tbs_cert.deref_mut(),
|
||||
)
|
||||
@@ -419,6 +430,15 @@ impl Certificate {
|
||||
)
|
||||
.expect("can serialize to Vec");
|
||||
|
||||
let (issuer, subject) = parse_x509_certificate(&data)
|
||||
.map(|(_, cert)| {
|
||||
(
|
||||
cert.tbs_certificate.issuer.to_string(),
|
||||
cert.tbs_certificate.subject.to_string(),
|
||||
)
|
||||
})
|
||||
.expect("We just serialized this correctly");
|
||||
|
||||
let cert = Certificate {
|
||||
serial,
|
||||
issuer,
|
||||
@@ -471,7 +491,7 @@ impl Certificate {
|
||||
return Err(Error::SizeError);
|
||||
}
|
||||
|
||||
let parsed_cert = match parse_x509_der(&cert) {
|
||||
let parsed_cert = match parse_x509_certificate(&cert) {
|
||||
Ok((_, cert)) => cert,
|
||||
_ => return Err(Error::InvalidObject),
|
||||
};
|
||||
@@ -631,12 +651,7 @@ mod read_pki {
|
||||
/// }
|
||||
/// ```
|
||||
pub(super) fn ec_parameters(parameters: &DerObject<'_>) -> Result<AlgorithmId, Error> {
|
||||
let curve_oid = match parameters.as_context_specific() {
|
||||
Ok((_, Some(named_curve))) => {
|
||||
named_curve.as_oid_val().map_err(|_| Error::InvalidObject)
|
||||
}
|
||||
_ => Err(Error::InvalidObject),
|
||||
}?;
|
||||
let curve_oid = parameters.as_oid_val().map_err(|_| Error::InvalidObject)?;
|
||||
|
||||
match curve_oid.to_string().as_str() {
|
||||
OID_NIST_P256 => Ok(AlgorithmId::EccP256),
|
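Review bot: The added `parse_x509_certificate(&data).expect("We just serialized this correctly")`, in what appears to be `generate_self_signed`, makes a panic reachable from the caller-supplied `subject` and `extensions`. If the writer ever emits DER that the parser rejects, the library aborts the caller instead of returning an error. The surrounding function returns `Result<Self, Error>`, so replacing the `.expect(...)` with `.map_err(|_| Error::InvalidObject)?` would surface the failure normally. This call and the one in the `@@ -471` hunk both discard the remainder returned by the parser, so bytes trailing the certificate are accepted silently; rejecting a non-empty remainder would be a reasonable tightening. The function bodies start and end outside these hunks, so whether the slot has already been written when the re-parse runs cannot be seen here.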
||||
|
||||
+10
-10
@@ -32,11 +32,11 @@
|
||||
|
||||
use crate::{
|
||||
error::Error,
|
||||
metadata,
|
||||
metadata::{AdminData, ProtectedData},
|
||||
mgm::{MgmType, ADMIN_FLAGS_1_PROTECTED_MGM},
|
||||
yubikey::{YubiKey, ADMIN_FLAGS_1_PUK_BLOCKED},
|
||||
TAG_ADMIN, TAG_ADMIN_FLAGS_1, TAG_ADMIN_SALT, TAG_ADMIN_TIMESTAMP, TAG_PROTECTED,
|
||||
TAG_PROTECTED_FLAGS_1, TAG_PROTECTED_MGM,
|
||||
TAG_ADMIN_FLAGS_1, TAG_ADMIN_SALT, TAG_ADMIN_TIMESTAMP, TAG_PROTECTED_FLAGS_1,
|
||||
TAG_PROTECTED_MGM,
|
||||
};
|
||||
use log::error;
|
||||
use std::{
|
||||
@@ -79,8 +79,8 @@ impl Config {
|
||||
|
||||
let txn = yubikey.begin_transaction()?;
|
||||
|
||||
if let Ok(data) = metadata::read(&txn, TAG_ADMIN) {
|
||||
if let Ok(item) = metadata::get_item(&data, TAG_ADMIN_FLAGS_1) {
|
||||
if let Ok(admin_data) = AdminData::read(&txn) {
|
||||
if let Ok(item) = admin_data.get_item(TAG_ADMIN_FLAGS_1) {
|
||||
if item.is_empty() {
|
||||
error!("empty response for admin flags metadata item! ignoring");
|
||||
} else {
|
||||
@@ -94,7 +94,7 @@ impl Config {
|
||||
}
|
||||
}
|
||||
|
||||
if metadata::get_item(&data, TAG_ADMIN_SALT).is_ok() {
|
||||
if admin_data.get_item(TAG_ADMIN_SALT).is_ok() {
|
||||
if config.mgm_type != MgmType::Manual {
|
||||
error!("conflicting types of MGM key administration configured");
|
||||
} else {
|
||||
@@ -102,7 +102,7 @@ impl Config {
|
||||
}
|
||||
}
|
||||
|
||||
if let Ok(item) = metadata::get_item(&data, TAG_ADMIN_TIMESTAMP) {
|
||||
if let Ok(item) = admin_data.get_item(TAG_ADMIN_TIMESTAMP) {
|
||||
if item.len() != CB_ADMIN_TIMESTAMP {
|
||||
error!("pin timestamp in admin metadata is an invalid size");
|
||||
} else {
|
||||
@@ -117,10 +117,10 @@ impl Config {
|
||||
}
|
||||
}
|
||||
|
||||
if let Ok(data) = metadata::read(&txn, TAG_PROTECTED) {
|
||||
if let Ok(protected_data) = ProtectedData::read(&txn) {
|
||||
config.protected_data_available = true;
|
||||
|
||||
if let Ok(item) = metadata::get_item(&data, TAG_PROTECTED_FLAGS_1) {
|
||||
if let Ok(item) = protected_data.get_item(TAG_PROTECTED_FLAGS_1) {
|
||||
if item.is_empty() {
|
||||
error!("empty response for protected flags metadata item! ignoring");
|
||||
} else if item[0] & PROTECTED_FLAGS_1_PUK_NOBLOCK != 0 {
|
||||
@@ -128,7 +128,7 @@ impl Config {
|
||||
}
|
||||
}
|
||||
|
||||
if metadata::get_item(&data, TAG_PROTECTED_MGM).is_ok() {
|
||||
if protected_data.get_item(TAG_PROTECTED_MGM).is_ok() {
|
||||
if config.mgm_type != MgmType::Protected {
|
||||
error!(
|
||||
"conflicting types of mgm key administration configured: protected MGM exists"
|
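Review bot: `if let Ok(admin_data) = AdminData::read(&txn)` and the matching `ProtectedData::read(&txn)` discard the error, so a transport failure or a malformed TLV is handled the same way as a card with no metadata, and the config silently keeps whatever values it had before. Callers that use the reported `mgm_type` or `protected_data_available` to decide how to obtain the management key cannot tell the two cases apart. Logging the error would match what `MgmKey::get_protected` does, for example an `Err(e) => error!("could not read admin data (err: {:?})", e),` arm. A missing object is probably normal on a fresh card, so that case may want a lower log level. The enclosing function begins and ends outside these hunks.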
||||
|
||||
+4
-6
@@ -83,12 +83,12 @@
|
||||
//! [YubiKey NEO]: https://support.yubico.com/support/solutions/articles/15000006494-yubikey-neo
|
||||
//! [YubiKey 4]: https://support.yubico.com/support/solutions/articles/15000006486-yubikey-4
|
||||
//! [YubiKey 5]: https://www.yubico.com/products/yubikey-5-overview/
|
||||
//! [status]: https://github.com/tarcieri/yubikey-piv.rs#status
|
||||
//! [status]: https://github.com/iqlusioninc/yubikey-piv.rs#status
|
||||
//! [yubico-piv-tool]: https://github.com/Yubico/yubico-piv-tool/
|
||||
//! [Corrode]: https://github.com/jameysharp/corrode
|
||||
//! [piv-tool-guide]: https://www.yubico.com/wp-content/uploads/2016/05/Yubico_PIV_Tool_Command_Line_Guide_en.pdf
|
||||
//! [cc-web]: https://contributor-covenant.org/
|
||||
//! [cc-md]: https://github.com/tarcieri/yubikey-piv.rs/blob/develop/CODE_OF_CONDUCT.md
|
||||
//! [cc-md]: https://github.com/iqlusioninc/yubikey-piv.rs/blob/main/CODE_OF_CONDUCT.md
|
||||
//! [BSDL]: https://opensource.org/licenses/BSD-2-Clause
|
||||
|
||||
// Adapted from yubico-piv-tool:
|
||||
@@ -122,8 +122,8 @@
|
||||
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
#![doc(
|
||||
html_logo_url = "https://raw.githubusercontent.com/iqlusioninc/yubikey-piv.rs/develop/img/logo.png",
|
||||
html_root_url = "https://docs.rs/yubikey-piv/0.1.0"
|
||||
html_logo_url = "https://raw.githubusercontent.com/iqlusioninc/yubikey-piv.rs/main/img/logo.png",
|
||||
html_root_url = "https://docs.rs/yubikey-piv/0.3.0"
|
||||
)]
|
||||
#![forbid(unsafe_code)]
|
||||
#![warn(
|
||||
@@ -178,11 +178,9 @@ pub(crate) const CB_OBJ_TAG_MIN: usize = 2; // 1 byte tag + 1 byte len
|
||||
#[cfg(feature = "untested")]
|
||||
pub(crate) const CB_OBJ_TAG_MAX: usize = CB_OBJ_TAG_MIN + 2; // 1 byte tag + 3 bytes len
|
||||
|
||||
pub(crate) const TAG_ADMIN: u8 = 0x80;
|
||||
pub(crate) const TAG_ADMIN_FLAGS_1: u8 = 0x81;
|
||||
pub(crate) const TAG_ADMIN_SALT: u8 = 0x82;
|
||||
pub(crate) const TAG_ADMIN_TIMESTAMP: u8 = 0x83;
|
||||
pub(crate) const TAG_PROTECTED: u8 = 0x88;
|
||||
pub(crate) const TAG_PROTECTED_FLAGS_1: u8 = 0x81;
|
||||
pub(crate) const TAG_PROTECTED_MGM: u8 = 0x89;
|
||||
|
||||
|
||||
+124
-66
@@ -30,21 +30,89 @@
|
||||
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
use crate::{
|
||||
error::Error, serialization::*, transaction::Transaction, Buffer, TAG_ADMIN, TAG_PROTECTED,
|
||||
};
|
||||
use std::marker::PhantomData;
|
||||
use zeroize::Zeroizing;
|
||||
|
||||
use crate::{error::Error, serialization::*, transaction::Transaction, Buffer};
|
||||
|
||||
#[cfg(feature = "untested")]
|
||||
use crate::{CB_OBJ_MAX, CB_OBJ_TAG_MAX};
|
||||
|
||||
#[cfg(feature = "untested")]
|
||||
use zeroize::Zeroizing;
|
||||
use std::iter;
|
||||
|
||||
const TAG_ADMIN: u8 = 0x80;
|
||||
const TAG_PROTECTED: u8 = 0x88;
|
||||
pub const OBJ_ADMIN_DATA: u32 = 0x005f_ff00;
|
||||
pub const OBJ_PRINTED: u32 = 0x005f_c109;
|
||||
|
||||
pub(crate) trait MetadataType: private::Sealed {}
|
||||
|
||||
/// A type variable corresponding to PIN-protected metadata.
|
||||
pub(crate) enum Protected {}
|
||||
impl MetadataType for Protected {}
|
||||
|
||||
/// A type variable corresponding to administrative metadata.
|
||||
pub(crate) enum Admin {}
|
||||
impl MetadataType for Admin {}
|
||||
|
||||
/// Metadata stored in a YubiKey.
|
||||
pub(crate) struct Metadata<T: MetadataType> {
|
||||
inner: Buffer,
|
||||
_marker: PhantomData<T>,
|
||||
}
|
||||
|
||||
/// PIN-protected metadata stored in a YubiKey.
|
||||
pub(crate) type ProtectedData = Metadata<Protected>;
|
||||
/// Administrative metadata stored in a YubiKey.
|
||||
pub(crate) type AdminData = Metadata<Admin>;
|
||||
|
||||
impl<T: MetadataType> Default for Metadata<T> {
|
||||
fn default() -> Self {
|
||||
Metadata {
|
||||
inner: Zeroizing::new(vec![]),
|
||||
_marker: PhantomData::default(),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl<T: MetadataType> Metadata<T> {
|
||||
/// Read metadata
|
||||
pub(crate) fn read(txn: &Transaction<'_>) -> Result<Self, Error> {
|
||||
let data = txn.fetch_object(T::obj_id())?;
|
||||
Ok(Metadata {
|
||||
inner: Tlv::parse_single(data, T::tag())?,
|
||||
_marker: PhantomData::default(),
|
||||
})
|
||||
}
|
||||
|
||||
/// Write metadata
|
||||
#[cfg(feature = "untested")]
|
||||
pub(crate) fn write(&self, txn: &Transaction<'_>) -> Result<(), Error> {
|
||||
if self.inner.len() > CB_OBJ_MAX - CB_OBJ_TAG_MAX {
|
||||
return Err(Error::GenericError);
|
||||
}
|
||||
|
||||
if self.inner.is_empty() {
|
||||
return Self::delete(txn);
|
||||
}
|
||||
|
||||
let mut buf = Zeroizing::new(vec![0u8; CB_OBJ_MAX]);
|
||||
let len = Tlv::write(&mut buf, T::tag(), &self.inner)?;
|
||||
|
||||
txn.save_object(T::obj_id(), &buf[..len])
|
||||
}
|
||||
|
||||
/// Delete metadata
|
||||
#[cfg(feature = "untested")]
|
||||
pub(crate) fn delete(txn: &Transaction<'_>) -> Result<(), Error> {
|
||||
txn.save_object(T::obj_id(), &[])
|
||||
}
|
||||
|
||||
/// Get metadata item
|
||||
pub(crate) fn get_item(mut data: &[u8], tag: u8) -> Result<&[u8], Error> {
|
||||
pub(crate) fn get_item(&self, tag: u8) -> Result<&[u8], Error> {
|
||||
let mut data = &self.inner[..];
|
||||
|
||||
while !data.is_empty() {
|
||||
let (remaining, tlv) = Tlv::parse(data)?;
|
||||
data = remaining;
|
||||
@@ -60,25 +128,18 @@ pub(crate) fn get_item(mut data: &[u8], tag: u8) -> Result<&[u8], Error> {
|
||||
|
||||
/// Set metadata item
|
||||
#[cfg(feature = "untested")]
|
||||
pub(crate) fn set_item(
|
||||
data: &mut [u8],
|
||||
pcb_data: &mut usize,
|
||||
cb_data_max: usize,
|
||||
tag: u8,
|
||||
p_item: &[u8],
|
||||
) -> Result<(), Error> {
|
||||
pub(crate) fn set_item(&mut self, tag: u8, item: &[u8]) -> Result<(), Error> {
|
||||
let mut cb_temp: usize = 0;
|
||||
let mut tag_temp: u8 = 0;
|
||||
let mut cb_len: usize = 0;
|
||||
let cb_item = p_item.len();
|
||||
|
||||
let mut offset = 0;
|
||||
|
||||
while offset < *pcb_data {
|
||||
tag_temp = data[offset];
|
||||
while offset < self.inner.len() {
|
||||
tag_temp = self.inner[offset];
|
||||
offset += 1;
|
||||
|
||||
cb_len = get_length(&data[offset..], &mut cb_temp);
|
||||
cb_len = get_length(&self.inner[offset..], &mut cb_temp);
|
||||
offset += cb_len;
|
||||
|
||||
if tag_temp == tag {
|
||||
@@ -89,13 +150,16 @@ pub(crate) fn set_item(
|
||||
}
|
||||
|
||||
if tag_temp != tag {
|
||||
if cb_item == 0 {
|
||||
if item.is_empty() {
|
||||
// We've been asked to delete an existing item that isn't in the blob
|
||||
return Ok(());
|
||||
}
|
||||
|
||||
// We did not find an existing tag, append
|
||||
*pcb_data += Tlv::write(&mut data[*pcb_data..], tag, p_item)?;
|
||||
assert_eq!(offset, self.inner.len());
|
||||
self.inner
|
||||
.extend(iter::repeat(0).take(1 + get_length_size(item.len()) + item.len()));
|
||||
Tlv::write(&mut self.inner[offset..], tag, item)?;
|
||||
|
||||
return Ok(());
|
||||
}
|
||||
@@ -103,80 +167,50 @@ pub(crate) fn set_item(
|
||||
// Found tag
|
||||
|
||||
// Check length, if it matches, overwrite
|
||||
if cb_temp == cb_item {
|
||||
data[offset..offset + cb_item].copy_from_slice(p_item);
|
||||
if cb_temp == item.len() {
|
||||
self.inner[offset..offset + item.len()].copy_from_slice(item);
|
||||
return Ok(());
|
||||
}
|
||||
|
||||
// Length doesn't match, expand/shrink to fit
|
||||
let next_offset = offset + cb_temp;
|
||||
// Must be signed to have negative offsets
|
||||
let cb_moved: isize = (cb_item as isize - cb_temp as isize)
|
||||
+ if cb_item != 0 {
|
||||
get_length_size(cb_item) as isize
|
||||
} else {
|
||||
let cb_moved: isize = (item.len() as isize - cb_temp as isize)
|
||||
+ if item.is_empty() {
|
||||
// For tag, if deleting
|
||||
-1
|
||||
} else {
|
||||
get_length_size(item.len()) as isize
|
||||
}
|
||||
// Accounts for different length encoding
|
||||
- cb_len as isize;
|
||||
|
||||
// If length would cause buffer overflow, return error
|
||||
if (*pcb_data as isize + cb_moved) as usize > cb_data_max {
|
||||
if (self.inner.len() as isize + cb_moved) as usize > CB_OBJ_MAX {
|
||||
return Err(Error::GenericError);
|
||||
}
|
||||
|
||||
// Move remaining data
|
||||
data.copy_within(
|
||||
next_offset..*pcb_data,
|
||||
let orig_len = self.inner.len();
|
||||
if cb_moved > 0 {
|
||||
self.inner.extend(iter::repeat(0).take(cb_moved as usize));
|
||||
}
|
||||
self.inner.copy_within(
|
||||
next_offset..orig_len,
|
||||
(next_offset as isize + cb_moved) as usize,
|
||||
);
|
||||
*pcb_data = (*pcb_data as isize + cb_moved) as usize;
|
||||
self.inner
|
||||
.resize((orig_len as isize + cb_moved) as usize, 0);
|
||||
|
||||
// Re-encode item and insert
|
||||
if cb_item != 0 {
|
||||
if !item.is_empty() {
|
||||
offset -= cb_len;
|
||||
offset += set_length(&mut data[offset..], cb_item)?;
|
||||
data[offset..offset + cb_item].copy_from_slice(p_item);
|
||||
offset += set_length(&mut self.inner[offset..], item.len())?;
|
||||
self.inner[offset..offset + item.len()].copy_from_slice(item);
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
/// Read metadata
|
||||
pub(crate) fn read(txn: &Transaction<'_>, tag: u8) -> Result<Buffer, Error> {
|
||||
let obj_id = match tag {
|
||||
TAG_ADMIN => OBJ_ADMIN_DATA,
|
||||
TAG_PROTECTED => OBJ_PRINTED,
|
||||
_ => return Err(Error::InvalidObject),
|
||||
};
|
||||
|
||||
let data = txn.fetch_object(obj_id)?;
|
||||
Tlv::parse_single(data, tag)
|
||||
}
|
||||
|
||||
/// Write metadata
|
||||
#[cfg(feature = "untested")]
|
||||
pub(crate) fn write(txn: &Transaction<'_>, tag: u8, data: &[u8]) -> Result<(), Error> {
|
||||
if data.len() > CB_OBJ_MAX - CB_OBJ_TAG_MAX {
|
||||
return Err(Error::GenericError);
|
||||
}
|
||||
|
||||
let obj_id = match tag {
|
||||
TAG_ADMIN => OBJ_ADMIN_DATA,
|
||||
TAG_PROTECTED => OBJ_PRINTED,
|
||||
_ => return Err(Error::InvalidObject),
|
||||
};
|
||||
|
||||
if data.is_empty() {
|
||||
// Deleting metadata
|
||||
return txn.save_object(obj_id, &[]);
|
||||
}
|
||||
|
||||
let mut buf = Zeroizing::new(vec![0u8; CB_OBJ_MAX]);
|
||||
let len = Tlv::write(&mut buf, tag, data)?;
|
||||
|
||||
txn.save_object(obj_id, &buf[..len])
|
||||
}
|
||||
|
||||
/// Get the size of a length tag for the given length
|
||||
@@ -190,3 +224,27 @@ fn get_length_size(length: usize) -> usize {
|
||||
3
|
||||
}
|
||||
}
|
||||
|
||||
mod private {
|
||||
use super::*;
|
||||
pub trait Sealed {
|
||||
fn tag() -> u8;
|
||||
fn obj_id() -> u32;
|
||||
}
|
||||
impl Sealed for Protected {
|
||||
fn tag() -> u8 {
|
||||
TAG_PROTECTED
|
||||
}
|
||||
fn obj_id() -> u32 {
|
||||
OBJ_PRINTED
|
||||
}
|
||||
}
|
||||
impl Sealed for Admin {
|
||||
fn tag() -> u8 {
|
||||
TAG_ADMIN
|
||||
}
|
||||
fn obj_id() -> u32 {
|
||||
OBJ_ADMIN_DATA
|
||||
}
|
||||
}
|
||||
}
|
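Review bot: The append branch of `set_item` grows `self.inner` with `extend` and never checks the result against `CB_OBJ_MAX`, whereas the replace branch does and `write` enforces `CB_OBJ_MAX - CB_OBJ_TAG_MAX`, so an oversized item is accepted here and only rejected later at write time. A guard before the `extend`, `if self.inner.len() + 1 + get_length_size(item.len()) + item.len() > CB_OBJ_MAX { return Err(Error::GenericError); }`, would keep the branches consistent. The `assert_eq!(offset, self.inner.len())` above it panics if the walk over card-supplied TLV bytes ends past the buffer; part of that loop lies outside the hunks, but `if offset != self.inner.len() { return Err(Error::InvalidObject); }` would report malformed data without aborting the caller. `inner` appears to be a `Zeroizing` vector that can carry the protected management key, and growing it may reallocate and leave an unzeroed copy in the old allocation, so reserving `CB_OBJ_MAX` capacity when the buffer is created is worth considering.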
||||
|
||||
+93
-49
@@ -38,8 +38,9 @@ use zeroize::{Zeroize, Zeroizing};
|
||||
|
||||
#[cfg(feature = "untested")]
|
||||
use crate::{
|
||||
metadata, yubikey::YubiKey, CB_BUF_MAX, CB_OBJ_MAX, TAG_ADMIN, TAG_ADMIN_FLAGS_1,
|
||||
TAG_ADMIN_SALT, TAG_PROTECTED, TAG_PROTECTED_MGM,
|
||||
metadata::{AdminData, ProtectedData},
|
||||
yubikey::YubiKey,
|
||||
TAG_ADMIN_FLAGS_1, TAG_ADMIN_SALT, TAG_PROTECTED_MGM,
|
||||
};
|
||||
use des::{
|
||||
cipher::{generic_array::GenericArray, BlockCipher, NewBlockCipher},
|
||||
@@ -135,8 +136,8 @@ impl MgmKey {
|
||||
let txn = yubikey.begin_transaction()?;
|
||||
|
||||
// recover management key
|
||||
let data = metadata::read(&txn, TAG_ADMIN)?;
|
||||
let salt = metadata::get_item(&data, TAG_ADMIN_SALT)?;
|
||||
let admin_data = AdminData::read(&txn)?;
|
||||
let salt = admin_data.get_item(TAG_ADMIN_SALT)?;
|
||||
|
||||
if salt.len() != CB_ADMIN_SALT {
|
||||
error!(
|
||||
@@ -159,12 +160,12 @@ impl MgmKey {
|
||||
pub fn get_protected(yubikey: &mut YubiKey) -> Result<Self, Error> {
|
||||
let txn = yubikey.begin_transaction()?;
|
||||
|
||||
let data = metadata::read(&txn, TAG_PROTECTED).map_err(|e| {
|
||||
let protected_data = ProtectedData::read(&txn).map_err(|e| {
|
||||
error!("could not read protected data (err: {:?})", e);
|
||||
e
|
||||
})?;
|
||||
|
||||
let item = metadata::get_item(&data, TAG_PROTECTED_MGM).map_err(|e| {
|
||||
let item = protected_data.get_item(TAG_PROTECTED_MGM).map_err(|e| {
|
||||
error!("could not read protected MGM from metadata (err: {:?})", e);
|
||||
e
|
||||
})?;
|
||||
@@ -182,21 +183,84 @@ impl MgmKey {
|
||||
MgmKey::from_bytes(item)
|
||||
}
|
||||
|
||||
/// Set the management key (MGM)
|
||||
/// Resets the management key for the given YubiKey to the default value.
|
||||
///
|
||||
/// This will wipe any metadata related to derived and PIN-protected management keys.
|
||||
#[cfg(feature = "untested")]
|
||||
pub fn set(&self, yubikey: &mut YubiKey, touch: Option<u8>) -> Result<(), Error> {
|
||||
let txn = yubikey.begin_transaction()?;
|
||||
txn.set_mgm_key(&self, touch)
|
||||
pub fn set_default(yubikey: &mut YubiKey) -> Result<(), Error> {
|
||||
MgmKey::default().set_manual(yubikey, false)
|
||||
}
|
||||
|
||||
/// Set protected management key (MGM)
|
||||
/// Configures the given YubiKey to use this management key.
|
||||
///
|
||||
/// The management key must be stored by the user, and provided when performing key
|
||||
/// management operations.
|
||||
///
|
||||
/// This will wipe any metadata related to derived and PIN-protected management keys.
|
||||
#[cfg(feature = "untested")]
|
||||
pub fn set_protected(&self, yubikey: &mut YubiKey) -> Result<(), Error> {
|
||||
let mut data = Zeroizing::new(vec![0u8; CB_BUF_MAX]);
|
||||
|
||||
pub fn set_manual(&self, yubikey: &mut YubiKey, require_touch: bool) -> Result<(), Error> {
|
||||
let txn = yubikey.begin_transaction()?;
|
||||
|
||||
txn.set_mgm_key(self, None).map_err(|e| {
|
||||
txn.set_mgm_key(&self, require_touch).map_err(|e| {
|
||||
// Log a warning, since the device mgm key is corrupt or we're in a state
|
||||
// where we can't set the mgm key.
|
||||
error!("could not set new derived mgm key, err = {}", e);
|
||||
e
|
||||
})?;
|
||||
|
||||
// After this point, we've set the mgm key, so the function should succeed,
|
||||
// regardless of being able to set the metadata.
|
||||
|
||||
if let Ok(mut admin_data) = AdminData::read(&txn) {
|
||||
// Clear the protected mgm key bit.
|
||||
if let Ok(item) = admin_data.get_item(TAG_ADMIN_FLAGS_1) {
|
||||
let mut flags_1 = [0u8; 1];
|
||||
if item.len() == flags_1.len() {
|
||||
flags_1.copy_from_slice(item);
|
||||
flags_1[0] &= !ADMIN_FLAGS_1_PROTECTED_MGM;
|
||||
|
||||
if let Err(e) = admin_data.set_item(TAG_ADMIN_FLAGS_1, &flags_1) {
|
||||
error!("could not set admin flags item, err = {}", e);
|
||||
}
|
||||
} else {
|
||||
error!(
|
||||
"admin data flags are an incorrect size: {} (expected {})",
|
||||
item.len(),
|
||||
flags_1.len()
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
// Remove any existing salt for a derived mgm key.
|
||||
if let Err(e) = admin_data.set_item(TAG_ADMIN_SALT, &[]) {
|
||||
error!("could not unset derived mgm salt (err = {})", e)
|
||||
}
|
||||
|
||||
if let Err(e) = admin_data.write(&txn) {
|
||||
error!("could not write admin data, err = {}", e);
|
||||
}
|
||||
}
|
||||
|
||||
// Clear any prior mgm key from protected data.
|
||||
if let Ok(mut protected_data) = ProtectedData::read(&txn) {
|
||||
if let Err(e) = protected_data.set_item(TAG_PROTECTED_MGM, &[]) {
|
||||
error!("could not clear protected mgm item, err = {:?}", e);
|
||||
} else if let Err(e) = protected_data.write(&txn) {
|
||||
error!("could not write protected data, err = {:?}", e);
|
||||
}
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
/// Configures the given YubiKey to use this as a PIN-protected management key.
|
||||
///
|
||||
/// This enables key management operations to be performed with access to the PIN.
|
||||
#[cfg(feature = "untested")]
|
||||
pub fn set_protected(&self, yubikey: &mut YubiKey) -> Result<(), Error> {
|
||||
let txn = yubikey.begin_transaction()?;
|
||||
|
||||
txn.set_mgm_key(self, false).map_err(|e| {
|
||||
// log a warning, since the device mgm key is corrupt or we're in
|
||||
// a state where we can't set the mgm key
|
||||
error!("could not set new derived mgm key, err = {}", e);
|
||||
@@ -206,39 +270,25 @@ impl MgmKey {
|
||||
// after this point, we've set the mgm key, so the function should
|
||||
// succeed, regardless of being able to set the metadata
|
||||
|
||||
// set the new mgm key in protected data
|
||||
let buffer = match metadata::read(&txn, TAG_PROTECTED) {
|
||||
Ok(b) => b,
|
||||
Err(_) => {
|
||||
// set current metadata blob size to zero, we'll add to the blank blob
|
||||
Zeroizing::new(vec![])
|
||||
}
|
||||
};
|
||||
let mut cb_data = buffer.len();
|
||||
data[..cb_data].copy_from_slice(&buffer);
|
||||
// Fetch the current protected data, or start a blank metadata blob.
|
||||
let mut protected_data = ProtectedData::read(&txn).unwrap_or_default();
|
||||
|
||||
if let Err(e) = metadata::set_item(
|
||||
data.as_mut_slice(),
|
||||
&mut cb_data,
|
||||
CB_OBJ_MAX,
|
||||
TAG_PROTECTED_MGM,
|
||||
self.as_ref(),
|
||||
) {
|
||||
// Set the new mgm key in protected data.
|
||||
if let Err(e) = protected_data.set_item(TAG_PROTECTED_MGM, self.as_ref()) {
|
||||
error!("could not set protected mgm item, err = {:?}", e);
|
||||
} else {
|
||||
metadata::write(&txn, TAG_PROTECTED, &data).map_err(|e| {
|
||||
protected_data.write(&txn).map_err(|e| {
|
||||
error!("could not write protected data, err = {:?}", e);
|
||||
e
|
||||
})?;
|
||||
}
|
||||
|
||||
// set the protected mgm flag in admin data
|
||||
cb_data = data.len();
|
||||
|
||||
let mut flags_1 = [0u8; 1];
|
||||
|
||||
if let Ok(buffer) = metadata::read(&txn, TAG_ADMIN) {
|
||||
if let Ok(item) = metadata::get_item(&buffer, TAG_ADMIN_FLAGS_1) {
|
||||
let mut admin_data = if let Ok(mut admin_data) = AdminData::read(&txn) {
|
||||
if let Ok(item) = admin_data.get_item(TAG_ADMIN_FLAGS_1) {
|
||||
if item.len() == flags_1.len() {
|
||||
flags_1.copy_from_slice(item);
|
||||
} else {
|
||||
@@ -254,26 +304,20 @@ impl MgmKey {
|
||||
}
|
||||
|
||||
// remove any existing salt
|
||||
if let Err(e) =
|
||||
metadata::set_item(&mut data, &mut cb_data, CB_OBJ_MAX, TAG_ADMIN_SALT, &[])
|
||||
{
|
||||
if let Err(e) = admin_data.set_item(TAG_ADMIN_SALT, &[]) {
|
||||
error!("could not unset derived mgm salt (err = {})", e)
|
||||
}
|
||||
|
||||
admin_data
|
||||
} else {
|
||||
cb_data = 0;
|
||||
}
|
||||
AdminData::default()
|
||||
};
|
||||
|
||||
flags_1[0] |= ADMIN_FLAGS_1_PROTECTED_MGM;
|
||||
|
||||
if let Err(e) = metadata::set_item(
|
||||
data.as_mut_slice(),
|
||||
&mut cb_data,
|
||||
CB_OBJ_MAX,
|
||||
TAG_ADMIN_FLAGS_1,
|
||||
&flags_1,
|
||||
) {
|
||||
if let Err(e) = admin_data.set_item(TAG_ADMIN_FLAGS_1, &flags_1) {
|
||||
error!("could not set admin flags item, err = {}", e);
|
||||
} else if let Err(e) = metadata::write(&txn, TAG_ADMIN, &data[..cb_data]) {
|
||||
} else if let Err(e) = admin_data.write(&txn) {
|
||||
error!("could not write admin data, err = {}", e);
|
||||
}
|
||||
|
||||
|
||||
+2
-8
@@ -229,14 +229,8 @@ impl<'tx> Transaction<'tx> {
|
||||
|
||||
/// Set the management key (MGM).
|
||||
#[cfg(feature = "untested")]
|
||||
pub fn set_mgm_key(&self, new_key: &MgmKey, touch: Option<u8>) -> Result<(), Error> {
|
||||
let p2 = match touch.unwrap_or_default() {
|
||||
0 => 0xff,
|
||||
1 => 0xfe,
|
||||
_ => {
|
||||
return Err(Error::GenericError);
|
||||
}
|
||||
};
|
||||
pub fn set_mgm_key(&self, new_key: &MgmKey, require_touch: bool) -> Result<(), Error> {
|
||||
let p2 = if require_touch { 0xfe } else { 0xff };
|
||||
|
||||
let mut data = [0u8; DES_LEN_3DES + 3];
|
||||
data[0] = ALGO_3DES;
|
||||
|
||||
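Review bot: The doc comment on `set_mgm_key` still reads only `/// Set the management key (MGM).` and says nothing about the new `require_touch` parameter, while the body encodes it as the bare literals `0xfe` and `0xff`. A caller choosing the touch policy for the management key has to read the implementation to learn what is sent to the card. I would add `/// If require_touch is true, P2 is 0xfe (touch required); otherwise 0xff.` and give the two bytes named constants next to `ALGO_3DES`. The rest of the function body lies outside the hunk.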
+17
-29
@@ -50,8 +50,8 @@ use std::{
|
||||
|
||||
#[cfg(feature = "untested")]
|
||||
use crate::{
|
||||
apdu::StatusWords, metadata, transaction::ChangeRefAction, Buffer, ObjectId, CB_BUF_MAX,
|
||||
CB_OBJ_MAX, MGMT_AID, TAG_ADMIN, TAG_ADMIN_FLAGS_1, TAG_ADMIN_TIMESTAMP,
|
||||
apdu::StatusWords, metadata::AdminData, transaction::ChangeRefAction, Buffer, ObjectId,
|
||||
MGMT_AID, TAG_ADMIN_FLAGS_1, TAG_ADMIN_TIMESTAMP,
|
||||
};
|
||||
use getrandom::getrandom;
|
||||
#[cfg(feature = "untested")]
|
||||
@@ -417,12 +417,9 @@ impl YubiKey {
|
||||
/// Set PIN last changed
|
||||
#[cfg(feature = "untested")]
|
||||
pub fn set_pin_last_changed(yubikey: &mut YubiKey) -> Result<(), Error> {
|
||||
let mut data = [0u8; CB_BUF_MAX];
|
||||
let txn = yubikey.begin_transaction()?;
|
||||
|
||||
let buffer = metadata::read(&txn, TAG_ADMIN)?;
|
||||
let mut cb_data = buffer.len();
|
||||
data[..cb_data].copy_from_slice(&buffer);
|
||||
let mut admin_data = AdminData::read(&txn)?;
|
||||
|
||||
// TODO(tarcieri): double check this is little endian
|
||||
let tnow = SystemTime::now()
|
||||
@@ -431,19 +428,14 @@ impl YubiKey {
|
||||
.as_secs()
|
||||
.to_le_bytes();
|
||||
|
||||
metadata::set_item(
|
||||
&mut data,
|
||||
&mut cb_data,
|
||||
CB_OBJ_MAX,
|
||||
TAG_ADMIN_TIMESTAMP,
|
||||
&tnow,
|
||||
)
|
||||
admin_data
|
||||
.set_item(TAG_ADMIN_TIMESTAMP, &tnow)
|
||||
.map_err(|e| {
|
||||
error!("could not set pin timestamp, err = {}", e);
|
||||
e
|
||||
})?;
|
||||
|
||||
metadata::write(&txn, TAG_ADMIN, &data).map_err(|e| {
|
||||
admin_data.write(&txn).map_err(|e| {
|
||||
error!("could not write admin data, err = {}", e);
|
||||
e
|
||||
})?;
|
||||
@@ -494,8 +486,10 @@ impl YubiKey {
|
||||
}
|
||||
}
|
||||
|
||||
if let Ok(data) = metadata::read(&txn, TAG_ADMIN) {
|
||||
if let Ok(item) = metadata::get_item(&data, TAG_ADMIN_FLAGS_1) {
|
||||
// Attempt to set the "PUK blocked" flag in admin data.
|
||||
|
||||
let mut admin_data = if let Ok(admin_data) = AdminData::read(&txn) {
|
||||
if let Ok(item) = admin_data.get_item(TAG_ADMIN_FLAGS_1) {
|
||||
if item.len() == flags.len() {
|
||||
flags.copy_from_slice(item)
|
||||
} else {
|
||||
@@ -506,22 +500,16 @@ impl YubiKey {
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
admin_data
|
||||
} else {
|
||||
AdminData::default()
|
||||
};
|
||||
|
||||
flags[0] |= ADMIN_FLAGS_1_PUK_BLOCKED;
|
||||
let mut data = [0u8; CB_BUF_MAX];
|
||||
let mut cb_data: usize = data.len();
|
||||
|
||||
if metadata::set_item(
|
||||
&mut data,
|
||||
&mut cb_data,
|
||||
CB_OBJ_MAX,
|
||||
TAG_ADMIN_FLAGS_1,
|
||||
&flags,
|
||||
)
|
||||
.is_ok()
|
||||
{
|
||||
if metadata::write(&txn, TAG_ADMIN, &data[..cb_data]).is_err() {
|
||||
if admin_data.set_item(TAG_ADMIN_FLAGS_1, &flags).is_ok() {
|
||||
if admin_data.write(&txn).is_err() {
|
||||
error!("could not write admin metadata");
|
||||
}
|
||||
} else {
|
||||
|
||||
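Review bot: In the hunk at `@@ -494,8 +486,10 @@`, every failure of `AdminData::read(&txn)` falls through to `AdminData::default()`, and the `set_item`/`write` that follow then store that blank object. If `read` can fail for reasons other than "no admin object yet" (its error cases are not visible here), a transient read error would replace the existing admin metadata with the flags byte alone, and nothing is logged. I would fall back to the default only for the not-found case and otherwise at least record the failure, e.g. `Err(e) => { error!("could not read admin data, err = {}", e); AdminData::default() }`. The write failure should carry its error like the other call sites do: `if let Err(e) = admin_data.write(&txn) { error!("could not write admin data, err = {}", e); }`. The same read-or-default fallback appears in `set_protected` in the management-key section above, and the enclosing function here starts outside the hunk.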
+43
-1
@@ -10,6 +10,7 @@ use rsa::{hash::Hash::SHA2_256, PaddingScheme, PublicKey};
|
||||
use sha2::{Digest, Sha256};
|
||||
use std::convert::TryInto;
|
||||
use std::{env, sync::Mutex};
|
||||
use x509::RelativeDistinguishedName;
|
||||
use yubikey_piv::{
|
||||
certificate::{Certificate, PublicKeyInfo},
|
||||
key::{self, AlgorithmId, Key, RetiredSlotId, SlotId},
|
||||
@@ -106,6 +107,45 @@ fn test_verify_pin() {
|
||||
assert!(yubikey.verify_pin(b"123456").is_ok());
|
||||
}
|
||||
|
||||
//
|
||||
// Management key support
|
||||
//
|
||||
|
||||
#[cfg(feature = "untested")]
|
||||
#[test]
|
||||
#[ignore]
|
||||
fn test_set_mgmkey() {
|
||||
let mut yubikey = YUBIKEY.lock().unwrap();
|
||||
|
||||
assert!(yubikey.verify_pin(b"123456").is_ok());
|
||||
assert!(MgmKey::get_protected(&mut yubikey).is_err());
|
||||
assert!(yubikey.authenticate(MgmKey::default()).is_ok());
|
||||
|
||||
// Set a protected management key.
|
||||
assert!(MgmKey::generate()
|
||||
.unwrap()
|
||||
.set_protected(&mut yubikey)
|
||||
.is_ok());
|
||||
let protected = MgmKey::get_protected(&mut yubikey).unwrap();
|
||||
assert!(yubikey.authenticate(MgmKey::default()).is_err());
|
||||
assert!(yubikey.authenticate(protected.clone()).is_ok());
|
||||
|
||||
// Set a manual management key.
|
||||
let manual = MgmKey::generate().unwrap();
|
||||
assert!(manual.set_manual(&mut yubikey, false).is_ok());
|
||||
assert!(MgmKey::get_protected(&mut yubikey).is_err());
|
||||
assert!(yubikey.authenticate(MgmKey::default()).is_err());
|
||||
assert!(yubikey.authenticate(protected.clone()).is_err());
|
||||
assert!(yubikey.authenticate(manual.clone()).is_ok());
|
||||
|
||||
// Set back to the default management key.
|
||||
assert!(MgmKey::set_default(&mut yubikey).is_ok());
|
||||
assert!(MgmKey::get_protected(&mut yubikey).is_err());
|
||||
assert!(yubikey.authenticate(protected).is_err());
|
||||
assert!(yubikey.authenticate(manual).is_err());
|
||||
assert!(yubikey.authenticate(MgmKey::default()).is_ok());
|
||||
}
|
||||
|
||||
//
|
||||
// Certificate support
|
||||
//
|
||||
@@ -132,13 +172,15 @@ fn generate_self_signed_cert(algorithm: AlgorithmId) -> Certificate {
|
||||
getrandom(&mut serial).unwrap();
|
||||
|
||||
// Generate a self-signed certificate for the new key.
|
||||
let extensions: &[x509::Extension<'_, &[u64]>] = &[];
|
||||
let cert_result = Certificate::generate_self_signed(
|
||||
&mut yubikey,
|
||||
slot,
|
||||
serial,
|
||||
None,
|
||||
"testSubject".to_owned(),
|
||||
&[RelativeDistinguishedName::common_name("testSubject")],
|
||||
generated,
|
||||
extensions,
|
||||
);
|
||||
|
||||
assert!(cert_result.is_ok());
|
||||
|
||||
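Review bot: `test_set_mgmkey` replaces the device's management key with values from `MgmKey::generate()` that exist only in the test process. Any assertion that fails between `set_protected`/`set_manual` and the final `MgmKey::set_default` therefore leaves the test YubiKey on a key nobody holds, and the test itself asserts that the manual key cannot be read back through `get_protected`. I would collect the intermediate results and assert on them only after the default key has been restored, or restore it in a cleanup path that also runs on panic. The `assert!(….is_ok())` form also discards the error; `manual.set_manual(&mut yubikey, false).expect("set_manual failed");` would print it. The `require_touch = true` path and the admin-data flag changes made by `set_manual`/`set_protected` are not checked here.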