Update deps (#20)

* Update deps * Fix tests * Update rcgen * Update x509-parser
obelisk · Nov 10, 2023 · 8330b66 · 8330b66
1 parent 50e9dc8
commit 8330b66
Show file tree

Hide file tree

Showing 7 changed files with 37 additions and 28 deletions.
diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml
@@ -2,9 +2,9 @@ name: macOS + Ubuntu
 
 on:
   push:
-    branches: [ master ]
+    branches: [ main ]
   pull_request:
-    branches: [ master ]
+    branches: [ main ]
 
 env:
   CARGO_TERM_COLOR: always

diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "sshcerts"
-version = "0.12.0"
+version = "0.12.1"
 authors = ["Mitchell Grenier <[email protected]>"]
 edition = "2021"
 license-file = "LICENSE"
@@ -13,7 +13,13 @@ categories = ["authentication"]
 [features]
 default = ["rsa-signing"]
 
-all = ["encrypted-keys", "rsa-signing", "x509-support", "yubikey-support", "fido-support"]
+all = [
+    "encrypted-keys",
+    "rsa-signing",
+    "x509-support",
+    "yubikey-support",
+    "fido-support",
+]
 
 encrypted-keys = ["aes", "bcrypt-pbkdf", "ctr"]
 
@@ -28,29 +34,29 @@ yubikey-lite = ["x509-support"]
 
 [dependencies]
 base64 = "0.13"
-ring = "0.16"
-zeroize = {version = "1", features = ["zeroize_derive"]}
+ring = "0.17"
+zeroize = { version = "1", features = ["zeroize_derive"] }
 
 # Dependencies for rsa-signing
-simple_asn1 = {version = "0.5", optional = true}
-num-bigint = {version = "0.4", optional = true}
+simple_asn1 = { version = "0.5", optional = true }
+num-bigint = { version = "0.4", optional = true }
 
 # Dependencies for yubikey-support
-yubikey = {version = "0.7", features = ["untested"], optional = true}
-lexical-core = {version = ">0.7.4", optional = true}
-rcgen = {version = "0.10", optional = true}
-x509 = {version = "0.2", optional = true}
-x509-parser = {version = "0.13", features = ["verify"], optional = true}
-der-parser = {version = "5", optional = true}
+yubikey = { version = "0.7", features = ["untested"], optional = true }
+lexical-core = { version = ">0.7.4", optional = true }
+rcgen = { version = "0.11", optional = true }
+x509 = { version = "0.2", optional = true }
+x509-parser = { version = "0.15", features = ["verify"], optional = true }
+der-parser = { version = "5", optional = true }
 
 # Dependencies for encrypted-keys
-aes = {version = "0.7", features = ["ctr"], optional = true}
-bcrypt-pbkdf = {version = "0.6", optional = true}
-ctr = {version = "0.8", optional = true}
+aes = { version = "0.7", features = ["ctr"], optional = true }
+bcrypt-pbkdf = { version = "0.6", optional = true }
+ctr = { version = "0.8", optional = true }
 
 # Dependencies for fido-support
-ctap-hid-fido2 = {version = "3", optional = true}
-minicbor = {version = "0.13", optional = true}
+ctap-hid-fido2 = { version = "3", optional = true }
+minicbor = { version = "0.13", optional = true }
 #ctap-hid-fido2 = {git = "https://github.com/gebogebogebo/ctap-hid-fido2", branch="master", optional = true}
 #ctap-hid-fido2 = {git = "https://github.com/obelisk/ctap-hid-fido2", branch="device_by_path", optional = true}
 #ctap-hid-fido2 = {path = "../ctap-hid-fido2", optional = true}

diff --git a/src/fido/verification.rs b/src/fido/verification.rs
@@ -172,7 +172,7 @@ pub fn verify_auth_data(
                 .to_vec();
 
             // Generate the data that was signed by the intermediate
-            let mut signed_data = auth_data.clone().to_vec();
+            let mut signed_data = auth_data.to_vec();
             signed_data.append(&mut digest::digest(&digest::SHA256, challenge).as_ref().to_vec());
 
             // Validate signature was generated by the now validated intermediate

diff --git a/src/ssh/privkey.rs b/src/ssh/privkey.rs
@@ -233,8 +233,7 @@ impl super::SSHCertificateSigner for PrivateKey {
                     Err(_) => return None,
                 };
 
-                let rng = rand::SystemRandom::new();
-                let mut signature = vec![0; keypair.public_modulus_len()];
+                let mut signature = vec![0; keypair.public().modulus_len()];
 
                 keypair
                     .sign(&signature::RSA_PKCS1_SHA512, &rng, buffer, &mut signature)
@@ -262,7 +261,7 @@ impl super::SSHCertificateSigner for PrivateKey {
                     &key.key
                 };
                 let key_pair = match signature::EcdsaKeyPair::from_private_key_and_public_key(
-                    alg, key, pubkey,
+                    alg, key, pubkey, &rng
                 ) {
                     Ok(kp) => kp,
                     Err(_) => return None,

diff --git a/src/x509/mod.rs b/src/x509/mod.rs
@@ -110,7 +110,7 @@ fn convert_x509_pki_to_pubkey(
                 .ok_or(Error::ParsingError)?;
 
             let curve_oid = algorithm_parameters
-                .as_oid_val()
+                .as_oid()
                 .map_err(|_| Error::ParsingError)?;
 
             match curve_oid.to_string().as_str() {

diff --git a/tests/cert-creation-parse.rs b/tests/cert-creation-parse.rs
@@ -40,12 +40,13 @@ const ECDSA384_SSH_PUBLIC_KEY: &str = concat!(
 // Test signing and parsing work together
 fn test_ecdsa256_signer(buf: &[u8]) -> Option<Vec<u8>> {
     let pkcs8_bytes = hex::decode(ECDSA256_CA_PRIVATE_KEY).unwrap();
+    let rng = rand::SystemRandom::new();
     let key_pair = signature::EcdsaKeyPair::from_pkcs8(
         &signature::ECDSA_P256_SHA256_ASN1_SIGNING,
         pkcs8_bytes.as_ref(),
+	&rng,
     )
     .unwrap();
-    let rng = rand::SystemRandom::new();
 
     let pubkey = PublicKey::from_string(ECDSA256_SSH_PUBLIC_KEY).unwrap();
     format_signature_for_ssh(&pubkey, key_pair.sign(&rng, buf).ok()?.as_ref())
@@ -54,12 +55,13 @@ fn test_ecdsa256_signer(buf: &[u8]) -> Option<Vec<u8>> {
 // Test signing and parsing work together
 fn test_ecdsa384_signer(buf: &[u8]) -> Option<Vec<u8>> {
     let pkcs8_bytes = hex::decode(ECDSA384_CA_PRIVATE_KEY).unwrap();
+    let rng = rand::SystemRandom::new();
     let key_pair = signature::EcdsaKeyPair::from_pkcs8(
         &signature::ECDSA_P384_SHA384_ASN1_SIGNING,
         pkcs8_bytes.as_ref(),
+	&rng,
     )
     .unwrap();
-    let rng = rand::SystemRandom::new();
 
     let pubkey = PublicKey::from_string(ECDSA384_SSH_PUBLIC_KEY).unwrap();
     format_signature_for_ssh(&pubkey, key_pair.sign(&rng, buf).ok()?.as_ref())

diff --git a/tests/cert-creation.rs b/tests/cert-creation.rs
@@ -38,12 +38,13 @@ const ECDSA384_SSH_PUBLIC_KEY: &str = concat!(
 // Test signing and parsing work together
 fn test_ecdsa256_signer(buf: &[u8]) -> Option<Vec<u8>> {
     let pkcs8_bytes = hex::decode(ECDSA256_CA_PRIVATE_KEY).unwrap();
+    let rng = rand::SystemRandom::new();
     let key_pair = signature::EcdsaKeyPair::from_pkcs8(
         &signature::ECDSA_P256_SHA256_ASN1_SIGNING,
         pkcs8_bytes.as_ref(),
+    	&rng,
     )
     .unwrap();
-    let rng = rand::SystemRandom::new();
 
     let pubkey = PublicKey::from_string(ECDSA256_SSH_PUBLIC_KEY).unwrap();
     format_signature_for_ssh(&pubkey, key_pair.sign(&rng, buf).ok()?.as_ref())
@@ -52,12 +53,13 @@ fn test_ecdsa256_signer(buf: &[u8]) -> Option<Vec<u8>> {
 // Test signing and parsing work together
 fn test_ecdsa384_signer(buf: &[u8]) -> Option<Vec<u8>> {
     let pkcs8_bytes = hex::decode(ECDSA384_CA_PRIVATE_KEY).unwrap();
+    let rng = rand::SystemRandom::new();
     let key_pair = signature::EcdsaKeyPair::from_pkcs8(
         &signature::ECDSA_P384_SHA384_ASN1_SIGNING,
         pkcs8_bytes.as_ref(),
+	&rng,
     )
     .unwrap();
-    let rng = rand::SystemRandom::new();
 
     let pubkey = PublicKey::from_string(ECDSA384_SSH_PUBLIC_KEY).unwrap();
     format_signature_for_ssh(&pubkey, key_pair.sign(&rng, buf).ok()?.as_ref())