diff --git a/CHANGELOG.md b/CHANGELOG.md index 947727e..ae9d4ed 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,8 +5,20 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## Unreleased +### Added +- `yubikey::certificate::SelfSigned` +- `yubikey::Error::CertificateBuilder` + ### Changed - MSRV is now 1.81. +- Migrated the public API to the following (pre-release) dependencies: + - `der 0.8.0-rc.1` + - `ecdsa 0.17.0-pre.9` + - `p256 0.14.0-pre.2` + - `p384 0.14.0-pre.2` + - `rsa 0.10.0-pre.3` + - `sha2 0.11.0-pre.4` + - `x509-cert 0.3.0-pre.0` ## 0.8.0 (2023-08-15) ### Added diff --git a/Cargo.lock b/Cargo.lock index f1d542e..4602d8b 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -59,6 +59,15 @@ dependencies = [ "windows-sys", ] +[[package]] +name = "async-signature" +version = "0.6.0-pre.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f9bdb5df8dde2bd1ec515a0981636508bb37d55984d0bae3678d4ac859125431" +dependencies = [ + "signature", +] + [[package]] name = "autocfg" version = "1.1.0" @@ -91,11 +100,11 @@ checksum = "327762f6e5a765692301e5bb513e0d9fef63be86bbc14528052b1cd3e6f03e07" [[package]] name = "block-buffer" -version = "0.10.4" +version = "0.11.0-rc.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71" +checksum = "3fd016a0ddc7cb13661bf5576073ce07330a693f8608a1320b4e20561cc12cdc" dependencies = [ - "generic-array", + "hybrid-array", ] [[package]] 
@@ -112,9 +121,9 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] name = "cipher" -version = "0.4.4" +version = "0.5.0-pre.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad" +checksum = "5b1425e6ce000f05a73096556cabcfb6a10a3ffe3bb4d75416ca8f00819c0b6a" dependencies = [ "crypto-common", "inout", @@ -168,9 +177,9 @@ checksum = "acbf1af155f9b9ef647e42cdc158db4b64a1b61f743629225fde6f3e0be2a7c7" [[package]] name = "const-oid" -version = "0.9.5" +version = "0.10.0-rc.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "28c122c3980598d243d63d9a704629a2d748d101f278052ff068be5a4423ab6f" +checksum = "68ff6be19477a1bd5441f382916a89bc2a0b2c35db6d41e0f6e8538bf6d6463f" [[package]] name = "cpufeatures" @@ -183,11 +192,12 @@ dependencies = [ [[package]] name = "crypto-bigint" -version = "0.5.5" +version = "0.6.0-rc.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0dc92fb57ca44df6db8059111ab3af99a63d5d0f8375d9972e319a379c6bab76" +checksum = "d748d1f5b807ee6d0df5a548d0130417295c3aaed1dcbbb3d6a2e7106e11fcca" dependencies = [ - "generic-array", + "hybrid-array", + "num-traits", "rand_core", "subtle", "zeroize", 
@@ -195,19 +205,20 @@ dependencies = [ [[package]] name = "crypto-common" -version = "0.1.6" +version = "0.2.0-rc.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" +checksum = "b0b8ce8218c97789f16356e7896b3714f26c2ee1079b79c0b7ae7064bb9089fa" dependencies = [ - "generic-array", - "typenum", + "getrandom", + "hybrid-array", + "rand_core", ] [[package]] name = "der" -version = "0.7.8" +version = "0.8.0-rc.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fffa369a668c8af7dbf8b5e56c9f744fbd399949ed171606040001947de40b1c" +checksum = "82db698b33305f0134faf590b9d1259dc171b5481ac41d5c8146c3b3ee7d4319" dependencies = [ "const-oid", "der_derive", @@ -218,9 +229,9 @@ dependencies = [ [[package]] name = "der_derive" -version = "0.7.2" +version = "0.8.0-rc.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5fe87ce4529967e0ba1dcf8450bab64d97dfd5010a6256187ffe2e43e6f0e049" +checksum = "211bea8bb45f5f61bc857104606913ef8ac8b5ec698143aa2aa96a7ffdc94991" dependencies = [ "proc-macro2", "quote", @@ -229,18 +240,18 @@ dependencies = [ [[package]] name = "des" -version = "0.8.1" +version = "0.9.0-pre.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ffdd80ce8ce993de27e9f063a444a4d53ce8e8db4c1f00cc03af5ad5a9867a1e" +checksum = "76239c731adb4b5204cfeec47bd06ec1071d9477a0d32bbb83dc7d8c599efe63" dependencies = [ "cipher", ] [[package]] name = "digest" -version = "0.10.7" +version = "0.11.0-pre.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" +checksum = "cf2e3d6615d99707295a9673e889bf363a04b2a466bd320c65a72536f7577379" dependencies = [ "block-buffer", "const-oid", 
@@ -250,9 +261,9 @@ dependencies = [ [[package]] name = "ecdsa" -version = "0.16.9" +version = "0.17.0-pre.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca" +checksum = "7e62f2041a28c40b8884b79fbd19bc7457d76c6397767831e9ff4029fc0473a9" dependencies = [ "der", "digest", @@ -264,17 +275,17 @@ dependencies = [ [[package]] name = "elliptic-curve" -version = "0.13.8" +version = "0.14.0-rc.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47" +checksum = "cc43715037532dc2d061e5c97e81b684c28993d52a4fa4eb7d2ce2826d78f2f2" dependencies = [ "base16ct", "crypto-bigint", "digest", "ff", - "generic-array", "group", "hkdf", + "hybrid-array", "pem-rfc7468", "pkcs8", "rand_core", @@ -318,20 +329,9 @@ dependencies = [ [[package]] name = "flagset" -version = "0.4.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d52a7e408202050813e6f1d9addadcaafef3dca7530c7ddfb005d4081cce6779" - -[[package]] -name = "generic-array" -version = "0.14.7" +version = "0.4.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" -dependencies = [ - "typenum", - "version_check", - "zeroize", -] +checksum = "b3ea1ec5f8307826a5b71094dd91fc04d4ae75d5709b20ad351c7fb4815c86ec" [[package]] name = "getrandom" 
@@ -369,18 +369,18 @@ checksum = "d77f7ec81a6d05a3abb01ab6eb7590f6083d08449fe5a1c8b1e620283546ccb7" [[package]] name = "hkdf" -version = "0.12.3" +version = "0.13.0-pre.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "791a029f6b9fc27657f6f188ec6e5e43f6911f6f878e0dc5501396e09809d437" +checksum = "00176ff81091018d42ff82e8324f8e5adb0b7e0468d1358f653972562dbff031" dependencies = [ "hmac", ] [[package]] name = "hmac" -version = "0.12.1" +version = "0.13.0-pre.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" +checksum = "e4b1fb14e4df79f9406b434b60acef9f45c26c50062cccf1346c6103b8c47d58" dependencies = [ "digest", ] @@ -391,13 +391,23 @@ version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4" +[[package]] +name = "hybrid-array" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "45a9a965bb102c1c891fb017c09a05c965186b1265a207640f323ddd009f9deb" +dependencies = [ + "typenum", + "zeroize", +] + [[package]] name = "inout" -version = "0.1.3" +version = "0.2.0-rc.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a0c10553d664a4d0bcff9f4215d0aac67a639cc68ef660840afe309b807bc9f5" +checksum = "14db49369b2c3f15deb5806de446e05c7f07a2d778b54b278c994fcd1d686f31" dependencies = [ - "generic-array", + "hybrid-array", ] [[package]] @@ -507,9 +517,9 @@ dependencies = [ [[package]] name = "num-traits" -version = "0.2.17" +version = "0.2.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "39e3200413f237f41ab11ad6d161bc7239c84dcb631773ccd7de3dfe4b5c267c" +checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" dependencies = [ "autocfg", "libm", 
@@ -523,9 +533,9 @@ checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" [[package]] name = "p256" -version = "0.13.2" +version = "0.14.0-pre.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c9863ad85fa8f4460f9c48cb909d38a0d689dba1f6f6988a5e3e0d31071bcd4b" +checksum = "71f3fd64a9cad9c26ed7f734b152196d5e56376b9957c832bcca0de48a708080" dependencies = [ "ecdsa", "elliptic-curve", @@ -535,9 +545,9 @@ dependencies = [ [[package]] name = "p384" -version = "0.13.0" +version = "0.14.0-pre.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "70786f51bcc69f6a4c0360e063a4cac5419ef7c5cd5b3c99ad70f3be5ba79209" +checksum = "1e19554fe6ee269c860a0f231cbba714e5cbef26a927c75d8e30ac9040a4b32e" dependencies = [ "ecdsa", "elliptic-curve", @@ -547,9 +557,9 @@ dependencies = [ [[package]] name = "pbkdf2" -version = "0.12.2" +version = "0.13.0-pre.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f8ed6a7761f76e3b9f92dfb0a60a6a6477c61024b775147ff0973a02653abaf2" +checksum = "85e11753d5193f26dc27ae698e0b536b5e511b7799c5ac475ec10783f26d164a" dependencies = [ "digest", "hmac", @@ -576,18 +586,18 @@ dependencies = [ [[package]] name = "pem-rfc7468" -version = "0.7.0" +version = "1.0.0-rc.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "88b39c9bfcfc231068454382784bb460aae594343fb030d46e9f50a645418412" +checksum = "c2dfbfa5c6f0906884269722c5478e72fd4d6c0e24fe600332c6d62359567ce1" dependencies = [ "base64ct", ] [[package]] name = "pkcs1" -version = "0.7.5" +version = "0.8.0-rc.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c8ffb9f10fa047879315e6625af03c164b16962a5368d724ed16323b68ace47f" +checksum = "226eb25e2c46c166ce498ac0f606ac623142d640064879ff445938accddff1e2" dependencies = [ "der", "pkcs8", 
@@ -596,9 +606,9 @@ dependencies = [ [[package]] name = "pkcs8" -version = "0.10.2" +version = "0.11.0-rc.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7" +checksum = "eacd2c7141f32aef1cfd1ad0defb5287a3d94592d7ab57c1ae20e3f9f1f0db1f" dependencies = [ "der", "spki", @@ -618,9 +628,9 @@ checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" [[package]] name = "primeorder" -version = "0.13.6" +version = "0.14.0-pre.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "353e1ca18966c16d9deb1c69278edbc5f194139612772bd9537af60ac231e1e6" +checksum = "b794117b388378d55629f78f61e64e182baa200bf59c1a8205e0c46508ce5873" dependencies = [ "elliptic-curve", ] @@ -704,9 +714,9 @@ checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f" [[package]] name = "rfc6979" -version = "0.4.0" +version = "0.5.0-pre.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2" +checksum = "871ee76a3eee98b0f805e5d1caf26929f4565073c580c053a55f886fc15dea49" dependencies = [ "hmac", "subtle", @@ -714,9 +724,9 @@ dependencies = [ [[package]] name = "rsa" -version = "0.9.6" +version = "0.10.0-pre.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5d0e5124fcb30e76a7e79bfee683a2746db83784b86289f6251b54b7950a0dfc" +checksum = "07058e83b684989ab0559f9e22322f4e3f7e49147834ed0bae40486b9e70473c" dependencies = [ "const-oid", "digest", 
@@ -748,13 +758,13 @@ dependencies = [ [[package]] name = "sec1" -version = "0.7.3" +version = "0.8.0-rc.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d3e97a565f76233a6003f9f5c54be1d9c5bdfa3eccfb189469f11ec4901c47dc" +checksum = "d1988446eff153796413a73669dfaa4caa3f5ce8b25fac89e3821a39c611772e" dependencies = [ "base16ct", "der", - "generic-array", + "hybrid-array", "pkcs8", "subtle", "zeroize", @@ -791,9 +801,9 @@ dependencies = [ [[package]] name = "sha1" -version = "0.10.6" +version = "0.11.0-pre.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba" +checksum = "9540978cef7a8498211c1b1c14e5ce920fe5bd524ea84f4a3d72d4602515ae93" dependencies = [ "cfg-if", "cpufeatures", @@ -802,9 +812,9 @@ dependencies = [ [[package]] name = "sha2" -version = "0.10.8" +version = "0.11.0-pre.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "793db75ad2bcafc3ffa7c68b215fee268f537982cd901d132f89c6343f3a3dc8" +checksum = "540c0893cce56cdbcfebcec191ec8e0f470dd1889b6e7a0b503e310a94a168f5" dependencies = [ "cfg-if", "cpufeatures", @@ -813,9 +823,9 @@ dependencies = [ [[package]] name = "signature" -version = "2.2.0" +version = "2.3.0-pre.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" +checksum = "054d71959c7051b9042c26af337f05cc930575ed2604d7d3ced3158383e59734" dependencies = [ "digest", "rand_core", @@ -835,9 +845,9 @@ checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" [[package]] name = "spki" -version = "0.7.3" +version = "0.8.0-rc.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d" +checksum = "37ac66481418fd7afdc584adcf3be9aa572cf6c2858814494dc2a01755f050bc" dependencies = [ "base64ct", "der", 
@@ -851,9 +861,9 @@ checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" [[package]] name = "subtle" -version = "2.5.0" +version = "2.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" +checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" [[package]] name = "syn" @@ -923,12 +933,6 @@ dependencies = [ "getrandom", ] -[[package]] -name = "version_check" -version = "0.9.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" - [[package]] name = "wasi" version = "0.11.0+wasi-snapshot-preview1" @@ -1034,10 +1038,11 @@ checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" [[package]] name = "x509-cert" -version = "0.2.5" +version = "0.3.0-pre.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1301e935010a701ae5f8655edc0ad17c44bad3ac5ce8c39185f75453b720ae94" +checksum = "2db382aa43c1fb5c419a960f72c3847ab0f383f635fc2e25f0bd6c5fb94371d1" dependencies = [ + "async-signature", "const-oid", "der", "sha1", @@ -1056,7 +1061,6 @@ dependencies = [ "ecdsa", "elliptic-curve", "env_logger", - "hmac", "log", "nom", "num-bigint-dig", @@ -1096,9 +1100,9 @@ dependencies = [ [[package]] name = "zeroize" -version = "1.7.0" +version = "1.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d" +checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde" dependencies = [ "zeroize_derive", ] diff --git a/Cargo.toml b/Cargo.toml index b92d9e4..bbbf832 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -20,30 +20,30 @@ rust-version = "1.81"
 members = [".", "cli"]
 
 [workspace.dependencies]
-x509-cert = { version = "0.2.5", features = [ "builder", "hazmat" ] }
+sha2 = "=0.11.0-pre.4"
+x509-cert = { version = "=0.3.0-pre.0", features = [ "builder", "hazmat" ] }
 
 [dependencies]
-der = "0.7.1"
-des = "0.8"
-elliptic-curve = "0.13"
+der = "=0.8.0-rc.1"
+des = "=0.9.0-pre.2"
+elliptic-curve = "=0.14.0-rc.1"
 hex = { package = "base16ct", version = "0.2", features = ["alloc"] }
-hmac = "0.12"
 log = "0.4"
 nom = "7"
 num-bigint-dig = { version = "0.8", features = ["rand"] }
 num-traits = "0.2"
 num-integer = "0.1"
-ecdsa = { version = "0.16.7", features = ["digest", "pem"] }
-p256 = "0.13"
-p384 = "0.13"
-pbkdf2 = { version = "0.12", default-features = false, features = ["hmac"] }
+ecdsa = { version = "=0.17.0-pre.9", features = ["digest", "pem"] }
+p256 = "=0.14.0-pre.2"
+p384 = "=0.14.0-pre.2"
+pbkdf2 = { version = "=0.13.0-pre.1", default-features = false, features = ["hmac"] }
 pcsc = "2.3.1"
 rand_core = { version = "0.6", features = ["std"] }
-rsa = { version = "0.9.6", features = ["sha2"] }
+rsa = { version = "=0.10.0-pre.3", features = ["sha2"] }
 secrecy = "0.8"
-sha1 = { version = "0.10", features = ["oid"] }
-sha2 = { version = "0.10", features = ["oid"] }
-signature = "2"
+sha1 = { version = "=0.11.0-pre.4", features = ["oid"] }
+sha2 = { workspace = true, features = ["oid"] }
+signature = "=2.3.0-pre.4"
 subtle = "2"
 uuid = { version = "1.2", features = ["v4"] }
 x509-cert.workspace = true
@@ -52,7 +52,6 @@ zeroize = "1"
 [dev-dependencies]
 env_logger = "0.10"
 once_cell = "1"
-signature = "2"
 
 [features]
 untested = []
diff --git a/cli/Cargo.toml b/cli/Cargo.toml
index 702ad92..21c3973 100644
--- a/cli/Cargo.toml
+++ b/cli/Cargo.toml
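Review bot: The exact `=` pins on pre-release crates in the `[dependencies]` and `[workspace.dependencies]` tables of Cargo.toml (`der`, `des`, `elliptic-curve`, `ecdsa`, `p256`, `p384`, `pbkdf2`, `rsa`, `sha1`, `sha2`, `signature`, `x509-cert`) carry no comment saying why they are exact or when they will be relaxed. Pinning is the usual way to depend on pre-releases, but it also means `cargo update` will not pick up a corrected pre-release of any of these cryptographic crates, so every bump has to be made by hand. I would add a comment above the block, for example `# Pre-release crypto crates are pinned exactly; bump them together and move to stable releases before publishing.`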
@@ -20,7 +20,7 @@ env_logger = "0.10"
 hex = { package = "base16ct", version = "0.2", features = ["alloc"] }
 log = "0.4"
 once_cell = "1"
-sha2 = "0.10"
+sha2.workspace = true
 termcolor = "1"
 x509-cert.workspace = true
 yubikey = { version = "0.8", path = ".." }
diff --git a/cli/src/terminal.rs b/cli/src/terminal.rs
index 6f57bb1..3cbac62 100644
--- a/cli/src/terminal.rs
+++ b/cli/src/terminal.rs
@@ -188,11 +188,14 @@ pub fn print_cert_info(
 print_cert_attr(
 stream,
 "Algorithm",
- cert.tbs_certificate.subject_public_key_info.algorithm.oid,
+ cert.tbs_certificate()
+ .subject_public_key_info()
+ .algorithm
+ .oid,
 )?;
 
- print_cert_attr(stream, "Subject", &cert.tbs_certificate.subject)?;
- print_cert_attr(stream, "Issuer", &cert.tbs_certificate.issuer)?;
+ print_cert_attr(stream, "Subject", &cert.tbs_certificate().subject())?;
+ print_cert_attr(stream, "Issuer", &cert.tbs_certificate().issuer())?;
 print_cert_attr(
 stream,
 "Fingerprint",
@@ -201,9 +204,13 @@ pub fn print_cert_info(
 print_cert_attr(
 stream,
 "Not Before",
- cert.tbs_certificate.validity.not_before,
+ cert.tbs_certificate().validity().not_before,
+ )?;
+ print_cert_attr(
+ stream,
+ "Not After",
+ cert.tbs_certificate().validity().not_after,
 )?;
- print_cert_attr(stream, "Not After", cert.tbs_certificate.validity.not_after)?;
 
 Ok(())
 }
diff --git a/src/certificate.rs b/src/certificate.rs
index 6cada81..dfd5b23 100644
--- a/src/certificate.rs
+++ b/src/certificate.rs
@@ -41,8 +41,8 @@ use crate::{
 };
 use log::error;
 use x509_cert::{
- builder::{Builder, CertificateBuilder, Profile},
- der::{self, referenced::OwnedToRef, Decode, Encode},
+ builder::{profile::BuilderProfile, Builder, CertificateBuilder},
+ der::{referenced::OwnedToRef, Decode, Encode},
 name::Name,
 serial_number::SerialNumber,
 spki::{SubjectPublicKeyInfoOwned, SubjectPublicKeyInfoRef},
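Review bot: The leading `&` in `&cert.tbs_certificate().subject()` and `&cert.tbs_certificate().issuer()` in cli/src/terminal.rs looks redundant after the move to accessor methods. If these accessors return references, as the chained calls elsewhere in this commit suggest, the argument is now a reference to a reference. `print_cert_attr(stream, "Subject", cert.tbs_certificate().subject())?;` would read more directly, with the same change on the `"Issuer"` line. `print_cert_info` starts and ends outside these hunks, so the parameter type of `print_cert_attr` is not visible here.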
@@ -109,23 +109,18 @@ impl Certificate {
 extensions: F,
 ) -> Result
 where
- F: FnOnce(&mut CertificateBuilder<'_, yubikey_signer::Signer<'_, KT>>) -> der::Result<()>,
+ F: FnOnce(&mut CertificateBuilder) -> der::Result<()>,
 {
- let signer = yubikey_signer::Signer::new(yubikey, key, subject_pki.owned_to_ref())?;
- let mut builder = CertificateBuilder::new(
- Profile::Manual { issuer: None },
- serial,
- validity,
- subject,
- subject_pki,
- &signer,
- )
- .map_err(|_| Error::KeyError)?;
+ let signer =
+ yubikey_signer::Signer::<'_, KT>::new(yubikey, key, subject_pki.owned_to_ref())?;
+ let mut builder =
+ CertificateBuilder::new(SelfSigned { subject }, serial, validity, subject_pki)
+ .map_err(|_| Error::KeyError)?;
 
 // Add custom extensions
 extensions(&mut builder)?;
 
- let cert = builder.build().map_err(|_| Error::KeyError)?;
+ let cert = builder.build(&signer).map_err(|_| Error::KeyError)?;
 let cert = Self { cert };
 cert.write(yubikey, key, CertInfo::Uncompressed)?;
 
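Review bot: Both `CertificateBuilder::new(..)` and `builder.build(&signer)` still end in `.map_err(|_| Error::KeyError)`, so a builder or signing failure is reported as a key error and its cause is dropped. The same commit adds `Error::CertificateBuilder` and a conversion from `x509_cert::builder::Error` in src/error.rs, which neither call site uses. If both calls return the builder's error type, `let cert = builder.build(&signer)?;` and a plain `?` on `CertificateBuilder::new(..)` would surface the new variant; otherwise the conversion has no visible caller in this diff. The function starts before and ends after this hunk.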
@@ -174,23 +169,55 @@ impl Certificate {
 
 /// Returns the Issuer field of the certificate.
 pub fn issuer(&self) -> String {
- self.cert.tbs_certificate.issuer.to_string()
+ self.cert.tbs_certificate().issuer().to_string()
 }
 
 /// Returns the SubjectName field of the certificate.
 pub fn subject(&self) -> String {
- self.cert.tbs_certificate.subject.to_string()
+ self.cert.tbs_certificate().subject().to_string()
 }
 
 /// Returns the SubjectPublicKeyInfo field of the certificate.
 pub fn subject_pki(&self) -> SubjectPublicKeyInfoRef<'_> {
 self.cert
- .tbs_certificate
- .subject_public_key_info
+ .tbs_certificate()
+ .subject_public_key_info()
 .owned_to_ref()
 }
 }
 
+/// A [`BuilderProfile`] for self-signed certificates.
+///
+/// This profile has no default extensions.
+pub struct SelfSigned {
+ subject: Name,
+}
+
+impl BuilderProfile for SelfSigned {
+ fn get_issuer(&self, subject: &Name) -> Name {
+ // RFC 5280 Section 3.2:
+ //
+ // > Self-issued certificates are CA certificates in which the issuer and subject
+ // > are the same entity. [..] Self-signed certificates are self-issued
+ // > certificates where the digital signature may be verified by the public key
+ // > bound into the certificate.
+ subject.clone()
+ }
+
+ fn get_subject(&self) -> Name {
+ self.subject.clone()
+ }
+
+ fn build_extensions(
+ &self,
+ _spk: SubjectPublicKeyInfoRef<'_>,
+ _issuer_spk: SubjectPublicKeyInfoRef<'_>,
+ _tbs: &x509_cert::TbsCertificate,
+ ) -> x509_cert::builder::Result> {
+ Ok(vec![])
+ }
+}
+
 /// Read certificate
 pub(crate) fn read_certificate(txn: &Transaction<'_>, slot: SlotId) -> Result {
 let object_id = slot.object_id();
diff --git a/src/error.rs b/src/error.rs
index 2f0d35e..83c5069 100644
--- a/src/error.rs
+++ b/src/error.rs
@@ -57,6 +57,9 @@ pub enum Error {
 /// Authentication error
 AuthenticationError,
 
+ /// Error while building a certificate
+ CertificateBuilder,
+
 /// Generic error
 GenericError,
 
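Review bot: The doc comment on `SelfSigned` says the profile has no default extensions but not what that means for the certificate it produces. `build_extensions` returns `Ok(vec![])`, so as far as this hunk shows the certificate carries no BasicConstraints, KeyUsage or key-identifier extensions unless the caller's `extensions` closure adds them, even though the RFC 5280 text quoted in `get_issuer` describes self-issued certificates as CA certificates. I would add a sentence to the doc comment such as `/// Callers that need BasicConstraints, KeyUsage or key identifiers must add them through the builder.` The struct is also public with a private field and no `Debug` derive, so code outside the crate can name it but not construct it, which is worth stating if intended.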
@@ -136,6 +139,7 @@ impl Error {
 }
 Error::ArgumentError => f.write_str("argument error"),
 Error::AuthenticationError => f.write_str("authentication error"),
+ Error::CertificateBuilder => f.write_str("certificate builder error"),
 Error::GenericError => f.write_str("generic error"),
 Error::InvalidObject => f.write_str("invalid object"),
 Error::KeyError => f.write_str("key error"),
@@ -197,3 +201,9 @@ impl From for Error {
 Error::ParseError
 }
 }
+
+impl From for Error {
+ fn from(_err: x509_cert::builder::Error) -> Error {
+ Error::CertificateBuilder
+ }
+}
diff --git a/src/mgm.rs b/src/mgm.rs
index 966f084..59503d8 100644
--- a/src/mgm.rs
+++ b/src/mgm.rs
@@ -42,7 +42,7 @@ use crate::{
 yubikey::YubiKey,
 };
 use des::{
- cipher::{generic_array::GenericArray, BlockDecrypt, BlockEncrypt, KeyInit},
+ cipher::{BlockCipherDecrypt, BlockCipherEncrypt, KeyInit},
 TdesEde3,
 };
 #[cfg(feature = "untested")]
@@ -314,16 +314,14 @@ impl MgmKey {
 /// Encrypt with 3DES key
 pub(crate) fn encrypt(&self, input: &[u8; DES_LEN_DES]) -> [u8; DES_LEN_DES] {
 let mut output = input.to_owned();
- TdesEde3::new(GenericArray::from_slice(&self.0))
- .encrypt_block(GenericArray::from_mut_slice(&mut output));
+ TdesEde3::new(&self.0.into()).encrypt_block((&mut output).into());
 output
 }
 
 /// Decrypt with 3DES key
 pub(crate) fn decrypt(&self, input: &[u8; DES_LEN_DES]) -> [u8; DES_LEN_DES] {
 let mut output = input.to_owned();
- TdesEde3::new(GenericArray::from_slice(&self.0))
- .decrypt_block(GenericArray::from_mut_slice(&mut output));
+ TdesEde3::new(&self.0.into()).decrypt_block((&mut output).into());
 output
 }
 }
diff --git a/src/transaction.rs b/src/transaction.rs
index ccc743f..227bf43 100644
--- a/src/transaction.rs
+++ b/src/transaction.rs
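Review bot: In `MgmKey::encrypt` and `MgmKey::decrypt` in src/mgm.rs, `&self.0.into()` parses as `&(self.0.into())`, so the management key is first copied by value into a temporary array and the cipher receives a reference to that copy. The removed `GenericArray::from_slice(&self.0)` borrowed the key in place, whereas the temporary is a second copy of key material on the stack that nothing in this hunk wipes. The block argument already uses the borrowing form `(&mut output).into()`, so, assuming the array type offers the matching conversion from a shared reference, `TdesEde3::new((&self.0).into())` would keep the key borrowed in both functions. Whether the `TdesEde3` instance clears its own key schedule on drop is not visible from this diff.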
@@ -183,7 +183,7 @@ impl<'tx> Transaction<'tx> {
 if !pin.is_empty() {
 let mut data = Zeroizing::new([0xff; CB_PIN_MAX]);
 data[0..pin.len()].copy_from_slice(pin);
- query.data(data.as_ref());
+ query.data(data.as_slice());
 }
 
 let response = query.transmit(self, 261)?;