From 502c9da65dc8aca77a3eba58a8079073e3701f1b Mon Sep 17 00:00:00 2001 From: Tony Arcieri Date: Sun, 11 Jul 2021 07:36:43 -0700 Subject: [PATCH] Bump `elliptic-curve` to v0.10; MSRV 1.51+ Also updates the following: - `p256` v0.9 - `p384` v0.8 --- .github/workflows/ci.yml | 10 +-- COPYING | 2 +- Cargo.lock | 185 ++++++++------------------------------- Cargo.toml | 7 +- README.md | 6 +- cli/README.md | 4 +- cli/src/lib.rs | 4 +- src/lib.rs | 12 +-- src/yubikey.rs | 2 +- tests/integration.rs | 15 ++-- 10 files changed, 64 insertions(+), 183 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1071f0a3..b086e66f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -36,13 +36,13 @@ jobs: toolchain: stable deps: true - platform: ubuntu-latest - toolchain: 1.47.0 # MSRV + toolchain: 1.51.0 # MSRV deps: sudo apt-get install libpcsclite-dev - platform: windows-latest - toolchain: 1.47.0 # MSRV + toolchain: 1.51.0 # MSRV deps: true - platform: macos-latest - toolchain: 1.47.0 # MSRV + toolchain: 1.51.0 # MSRV deps: true runs-on: ${{ matrix.platform }} steps: @@ -82,8 +82,8 @@ jobs: - uses: actions-rs/toolchain@v1 with: profile: minimal - toolchain: 1.47.0 # MSRV + toolchain: 1.51.0 # MSRV components: clippy override: true - run: sudo apt-get install libpcsclite-dev - - run: cargo clippy --all --exclude crypto_box --all-features -- -D warnings + - run: cargo clippy --all --all-features -- -D warnings diff --git a/COPYING b/COPYING index 41eb6221..ceb2ad58 100644 --- a/COPYING +++ b/COPYING @@ -1,4 +1,4 @@ -Copyright (c) 2014-2019 Yubico AB, Tony Arcieri +Copyright (c) 2014-2021 Yubico AB, Tony Arcieri All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/Cargo.lock b/Cargo.lock index 9ebd027b..f1aeb1f4 100644 --- a/Cargo.lock +++ b/Cargo.lock 
@@ -59,19 +59,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8942c8d352ae1838c9dda0b0ca2ab657696ef2232a20147cf1b30ae1a9cb4321" dependencies = [ "funty", - "radium 0.5.3", - "tap", - "wyz", -] - -[[package]] -name = "bitvec" -version = "0.20.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7774144344a4faa177370406a7ff5f1da24303817368584c6206c8303eb07848" -dependencies = [ - "funty", - "radium 0.6.2", + "radium", "tap", "wyz", ] @@ -85,24 +73,12 @@ dependencies = [ "generic-array", ] -[[package]] -name = "bumpalo" -version = "3.7.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9c59e7af012c713f529e7a3ee57ce9b31ddd858d4b512923602f74608b009631" - [[package]] name = "byteorder" version = "1.4.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610" -[[package]] -name = "cc" -version = "1.0.68" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4a72c244c1ff497a746a7e1fb3d14bd08420ecda70c8f25c7112f2781652d787" - [[package]] name = "cfg-if" version = "1.0.0" @@ -133,9 +109,9 @@ dependencies = [ [[package]] name = "const-oid" -version = "0.5.2" +version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "279bc8fc53f788a75c7804af68237d1fce02cde1e275a886a4b320604dc2aeda" +checksum = "44c32f031ea41b4291d695026c023b95d59db2d8a2c7640800ed56bc8f510f22" [[package]] name = "cookie-factory" @@ -152,6 +128,18 @@ dependencies = [ "libc", ] +[[package]] +name = "crypto-bigint" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b32a398eb1ccfbe7e4f452bc749c44d38dd732e9a253f19da224c416f00ee7f4" +dependencies = [ + "generic-array", + "rand_core", + "subtle", + "zeroize", +] + [[package]] name = "crypto-mac" version = "0.11.0" 
@@ -170,12 +158,11 @@ checksum = "3ee2393c4a91429dffb4bedf19f4d6abf27d8a732c8ce4980305d782e5426d57" [[package]] name = "der" -version = "0.3.5" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2eeb9d92785d1facb50567852ce75d0858630630e7eabea59cf7eb7474051087" +checksum = "49f215f706081a44cb702c71c39a52c05da637822e9c1645a50b7202689e982d" dependencies = [ "const-oid", - "typenum", ] [[package]] @@ -225,9 +212,9 @@ dependencies = [ [[package]] name = "ecdsa" -version = "0.11.1" +version = "0.12.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "34d33b390ab82f2e1481e331dbd0530895640179d2128ef9a79cc690b78d1eba" +checksum = "05cb0ed2d2ce37766ac86c05f66973ace8c51f7f1533bedce8fb79e2b54b3f14" dependencies = [ "der", "elliptic-curve", @@ -237,11 +224,11 @@ dependencies = [ [[package]] name = "elliptic-curve" -version = "0.9.12" +version = "0.10.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c13e9b0c3c4170dcc2a12783746c4205d98e18957f57854251eea3f9750fe005" +checksum = "dd035cb119cbc25e91bb6f1abbfe341388ddb47a1fe5e77ca6bcbe231e87580b" dependencies = [ - "bitvec 0.20.4", + "crypto-bigint", "ff", "generic-array", "group", @@ -266,11 +253,10 @@ dependencies = [ [[package]] name = "ff" -version = "0.9.0" +version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "72a4d941a5b7c2a75222e2d44fcdf634a67133d9db31e177ae5ff6ecda852bfe" +checksum = "63eec06c61e487eecf0f7e6e6372e596a81922c28d33e645d6983ca6493a1af0" dependencies = [ - "bitvec 0.20.4", "rand_core", "subtle", ] @@ -315,9 +301,9 @@ dependencies = [ [[package]] name = "group" -version = "0.9.0" +version = "0.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "61b3c1e8b4f1ca07e6605ea1be903a5f6956aec5c8a67fd44d56076631675ed8" +checksum = "1c363a5301b8f153d80747126a04b3c82073b9fe3130571a9d170cacdeaf7912" dependencies = [ "ff", "rand_core", 
@@ -369,15 +355,6 @@ version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4" -[[package]] -name = "js-sys" -version = "0.3.51" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "83bdfbace3a0e81a4253f73b49e960b053e396a11012cbd49b9b74d6a2b67062" -dependencies = [ - "wasm-bindgen", -] - [[package]] name = "lazy_static" version = "1.4.0" @@ -433,7 +410,7 @@ version = "6.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c5c51b9083a3c620fa67a2a635d1ce7d95b897e957d6b28ff9a5da960a103a6" dependencies = [ - "bitvec 0.19.5", + "bitvec", "funty", "lexical-core", "memchr", @@ -524,9 +501,9 @@ checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" [[package]] name = "p256" -version = "0.8.1" +version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2f05f5287453297c4c16af5e2b04df8fd2a3008d70f252729650bc6d7ace5844" +checksum = "d053368e1bae4c8a672953397bd1bd7183dde1c72b0b7612a15719173148d186" dependencies = [ "ecdsa", "elliptic-curve", @@ -535,9 +512,9 @@ dependencies = [ [[package]] name = "p384" -version = "0.7.0" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "94e3bfd7d8f202c293072de214ad93480b533985bfee4fa4a13cfdd185fab13d" +checksum = "f23bc88c404ccc881c8a1ad62ba5cd7d336a64ecbf46de4874f2ad955f67b157" dependencies = [ "elliptic-curve", ] @@ -583,9 +560,9 @@ dependencies = [ [[package]] name = "pkcs8" -version = "0.6.1" +version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c9c2f795bc591cb3384cb64082a578b89207ac92bb89c9d98c1ea2ace7cd8110" +checksum = "09d156817ae0125e8aa5067710b0db24f0984830614f99875a70aa5e3b74db69" dependencies = [ "der", "spki", 
@@ -627,12 +604,6 @@ version = "0.5.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "941ba9d78d8e2f7ce474c015eea4d9c6d25b6a3327f9832ee29a4de27f91bbb8" -[[package]] -name = "radium" -version = "0.6.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "643f8f41a8ebc4c5dc4515c82bb8abd397b527fc20fd681b7c011c2aee5d44fb" - [[package]] name = "rand" version = "0.8.4" @@ -690,21 +661,6 @@ version = "0.6.25" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f497285884f3fcff424ffc933e56d7cbca511def0c9831a7f9b5f6153e3cc89b" -[[package]] -name = "ring" -version = "0.16.20" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc" -dependencies = [ - "cc", - "libc", - "once_cell", - "spin", - "untrusted", - "web-sys", - "winapi", -] - [[package]] name = "rsa" version = "0.4.0" @@ -823,9 +779,9 @@ checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" [[package]] name = "spki" -version = "0.3.0" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9dae7e047abc519c96350e9484a96c6bf1492348af912fd3446dd2dc323f6268" +checksum = "987637c5ae6b3121aba9d513f869bd2bff11c4cc086c22473befd6649c0bd521" dependencies = [ "der", ] @@ -931,12 +887,6 @@ version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8ccb82d61f80a663efe1f787a51b16b5a51e3314d6ac365b08639f52387b33f3" -[[package]] -name = "untrusted" -version = "0.7.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" - [[package]] name = "version_check" version = "0.9.3" 
@@ -955,70 +905,6 @@ version = "0.10.2+wasi-snapshot-preview1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fd6fbd9a79829dd1ad0cc20627bf1ed606756a7f77edff7b66b7064f9cb327c6" -[[package]] -name = "wasm-bindgen" -version = "0.2.74" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d54ee1d4ed486f78874278e63e4069fc1ab9f6a18ca492076ffb90c5eb2997fd" -dependencies = [ - "cfg-if", - "wasm-bindgen-macro", -] - -[[package]] -name = "wasm-bindgen-backend" -version = "0.2.74" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3b33f6a0694ccfea53d94db8b2ed1c3a8a4c86dd936b13b9f0a15ec4a451b900" -dependencies = [ - "bumpalo", - "lazy_static", - "log", - "proc-macro2", - "quote", - "syn", - "wasm-bindgen-shared", -] - -[[package]] -name = "wasm-bindgen-macro" -version = "0.2.74" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "088169ca61430fe1e58b8096c24975251700e7b1f6fd91cc9d59b04fb9b18bd4" -dependencies = [ - "quote", - "wasm-bindgen-macro-support", -] - -[[package]] -name = "wasm-bindgen-macro-support" -version = "0.2.74" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "be2241542ff3d9f241f5e2cb6dd09b37efe786df8851c54957683a49f0987a97" -dependencies = [ - "proc-macro2", - "quote", - "syn", - "wasm-bindgen-backend", - "wasm-bindgen-shared", -] - -[[package]] -name = "wasm-bindgen-shared" -version = "0.2.74" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d7cff876b8f18eed75a66cf49b65e7f967cb354a7aa16003fb55dbfd25b44b4f" - -[[package]] -name = "web-sys" -version = "0.3.51" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e828417b379f3df7111d3a2a9e5753706cae29c41f7c4029ee9fd77f3e09e582" -dependencies = [ - "js-sys", - "wasm-bindgen", -] - [[package]] name = "winapi" version = "0.3.9" 
@@ -1106,7 +992,6 @@ dependencies = [ "p384", "pbkdf2", "pcsc", - "ring", "rsa", "secrecy", "sha-1", diff --git a/Cargo.toml b/Cargo.toml index 09851c57..4783934c 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -26,7 +26,7 @@ chrono = "0.4" cookie-factory = "0.3" der-parser = "5" des = "0.7" -elliptic-curve = "0.9" +elliptic-curve = "0.10" getrandom = "0.1" hmac = "0.11" log = "0.4" @@ -35,8 +35,8 @@ num-bigint-dig = { version = "0.7", features = ["rand"], package = "num-bigint-d num-traits = "0.2" num-integer = "0.1" pbkdf2 = { version = "0.8", default-features = false } -p256 = "0.8" -p384 = "0.7" +p256 = "0.9" +p384 = "0.8" pcsc = "2" rsa = "0.4" secrecy = "0.7" @@ -50,7 +50,6 @@ zeroize = "1" [dev-dependencies] env_logger = "0.8" -ring = "0.16.18" lazy_static = "1" [features] diff --git a/README.md b/README.md index 01ff22ac..c18026c9 100644 --- a/README.md +++ b/README.md @@ -36,7 +36,7 @@ endorsed by Yubico. ## Minimum Supported Rust Version -- Rust **1.46** or newer +Rust **1.51** or newer. ## Supported YubiKeys @@ -152,7 +152,7 @@ Yubico's [yubico-piv-tool], a C library/CLI program. The original library was licensed under a [2-Clause BSD License][BSDL], which this library inherits as a derived work. -Copyright (c) 2014-2020 Yubico AB, Tony Arcieri +Copyright (c) 2014-2021 Yubico AB, Tony Arcieri All rights reserved. Redistribution and use in source and binary forms, with or without @@ -194,7 +194,7 @@ or conditions. [docs-link]: https://docs.rs/yubikey/ [license-image]: https://img.shields.io/badge/license-BSD-blue.svg [license-link]: https://github.com/iqlusioninc/yubikey.rs/blob/main/COPYING -[rustc-image]: https://img.shields.io/badge/rustc-1.46+-blue.svg +[rustc-image]: https://img.shields.io/badge/rustc-1.51+-blue.svg [maintenance-image]: https://img.shields.io/badge/maintenance-experimental-blue.svg [safety-image]: https://img.shields.io/badge/unsafe-forbidden-success.svg [safety-link]: https://github.com/rust-secure-code/safety-dance/ 
diff --git a/cli/README.md b/cli/README.md
index a57b5532..3cc9ee9c 100644
--- a/cli/README.md
+++ b/cli/README.md
@@ -18,7 +18,7 @@ utility with general-purpose public-key encryption and signing support.
 ## Minimum Supported Rust Version
-- Rust **1.39+**
+Rust **1.51** or newer.
 ## Supported YubiKeys
@@ -47,7 +47,7 @@ For more information, please see [CODE_OF_CONDUCT.md][cc-md].
 ## License
-Copyright (c) 2014-2019 Yubico AB, Tony Arcieri
+Copyright (c) 2014-2021 Yubico AB, Tony Arcieri
 All rights reserved.
 Redistribution and use in source and binary forms, with or without
diff --git a/cli/src/lib.rs b/cli/src/lib.rs
index 9f97ee3c..cdb68ed1 100644
--- a/cli/src/lib.rs
+++ b/cli/src/lib.rs
@@ -1,4 +1,4 @@
-//! `yubikey` command-line utility
+//! `yubikey` command-line utility.
 #![forbid(unsafe_code)]
 #![warn(
@@ -22,7 +22,7 @@ use termcolor::{ColorSpec, StandardStreamLock, WriteColor};
 use x509_parser::parse_x509_certificate;
 use yubikey::{certificate::Certificate, key::*, YubiKey};
-///Write information about certificate found in slot a la yubico-piv-tool output.
+/// Write information about certificate found in slot a la yubico-piv-tool output.
 pub fn print_cert_info(
 yubikey: &mut YubiKey,
 slot: SlotId,
diff --git a/src/lib.rs b/src/lib.rs
index ee332cde..b35df9d2 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -14,7 +14,7 @@
 //!
 //! ## Minimum Supported Rust Version
 //!
-//! Rust 1.44+
+//! Rust **1.51** or newer.
 //!
 //! ## Supported YubiKeys
 //!
@@ -125,15 +125,9 @@
 html_logo_url = "https://raw.githubusercontent.com/iqlusioninc/yubikey.rs/main/img/logo.png",
 html_root_url = "https://docs.rs/yubikey/0.4.0-pre"
 )]
+#![allow(clippy::upper_case_acronyms)]
 #![forbid(unsafe_code)]
-#![warn(
- missing_docs,
- rust_2018_idioms,
- trivial_casts,
- trivial_numeric_casts,
- unused_lifetimes,
- unused_qualifications
-)]
+#![warn(missing_docs, rust_2018_idioms, trivial_casts, unused_qualifications)]
 mod apdu;
 pub mod cccid;
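Review bot: The crate-wide `#![allow(clippy::upper_case_acronyms)]` added above `#![forbid(unsafe_code)]` in `src/lib.rs` has no comment saying why it is needed, and the same hunk drops `trivial_numeric_casts` and `unused_lifetimes` from the `#![warn(...)]` list, which the commit message does not mention. A one-line reason keeps the relaxation reviewable, for example `// NOTE: acronym-style identifiers predate this clippy lint; remove once they are renamed` (that wording guesses at the motive and should be confirmed). If only a few items trip the lint, an item-level `#[allow]` on those would leave it active for new code. The two removed warn lints look unrelated to the dependency bump and are worth either restoring or explaining.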
diff --git a/src/yubikey.rs b/src/yubikey.rs
index 8b5a5bcc..cc44416b 100644
--- a/src/yubikey.rs
+++ b/src/yubikey.rs
@@ -231,7 +231,7 @@ impl YubiKey {
 /// Begin a transaction.
 pub(crate) fn begin_transaction(&mut self) -> Result, Error> {
 // TODO(tarcieri): reconnect support
- Ok(Transaction::new(&mut self.card)?)
+ Transaction::new(&mut self.card)
 }
 /// Get the name of the associated PC/SC card reader
diff --git a/tests/integration.rs b/tests/integration.rs
index 4172b1f9..ae05e5d7 100644
--- a/tests/integration.rs
+++ b/tests/integration.rs
@@ -8,8 +8,11 @@ use lazy_static::lazy_static;
 use log::trace;
 use rsa::{hash::Hash::SHA2_256, PaddingScheme, PublicKey};
 use sha2::{Digest, Sha256};
-use std::convert::TryInto;
-use std::{env, sync::Mutex};
+use std::{
+ convert::{TryFrom, TryInto},
+ env,
+ sync::Mutex,
+};
 use x509::RelativeDistinguishedName;
 use yubikey::{
 certificate::{Certificate, PublicKeyInfo},
@@ -240,9 +243,9 @@ fn generate_self_signed_ec_cert() {
 let sig_algo_len = data[7 + tbs_cert_len + 1] as usize;
 let sig_start = 7 + tbs_cert_len + 2 + sig_algo_len + 3;
 let msg = &data[4..7 + tbs_cert_len];
- let sig = &data[sig_start..];
+ let sig = p256::ecdsa::Signature::try_from(&data[sig_start..]).unwrap();
+ let vk = p256::ecdsa::VerifyingKey::from_sec1_bytes(pubkey.as_bytes()).unwrap();
- use ring::signature::{UnparsedPublicKey, ECDSA_P256_SHA256_ASN1};
- let ring_pk = UnparsedPublicKey::new(&ECDSA_P256_SHA256_ASN1, pubkey.as_bytes());
- assert!(ring_pk.verify(msg, sig).is_ok());
+ use p256::ecdsa::signature::Verifier;
+ assert!(vk.verify(msg, &sig).is_ok());
 }
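Review bot: `p256::ecdsa::Signature::try_from(&data[sig_start..])` in `generate_self_signed_ec_cert` parses a fixed-width `r || s` signature, while the removed ring verifier was built with `ECDSA_P256_SHA256_ASN1`, so the bytes at `sig_start` are presumably an ASN.1 DER signature taken from the certificate. If that holds, the `unwrap()` would be expected to fail before the verification assertion is reached, and the test no longer checks the signature the device produced. Parsing as DER keeps the previous semantics: `let sig = p256::ecdsa::Signature::from_der(&data[sig_start..]).unwrap();` (this relies on the `ecdsa` crate's DER support being enabled through the `p256` features in use, which should be confirmed). The function body starts outside the hunk, so the offsets that feed `sig_start` could not be checked here.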