From f9bff59420cbf9cf4dd0900c362eb7a4c9c7932e Mon Sep 17 00:00:00 2001 From: Wei Liu Date: Thu, 12 Sep 2024 11:38:15 +0800 Subject: [PATCH] Upgrade der to version 0.7.9 Signed-off-by: Wei Liu --- Cargo.lock | 288 ++++++++-------- src/attestation/Cargo.toml | 2 +- src/attestation/src/root_ca.rs | 2 +- src/crypto/Cargo.toml | 2 +- src/crypto/fuzz/Cargo.toml | 2 +- src/crypto/fuzz/fuzz_targets/afl_certchain.rs | 2 +- src/crypto/fuzz/fuzz_targets/certchain.rs | 2 +- src/crypto/src/ek_cert.rs | 50 +-- src/crypto/src/resolve.rs | 46 +-- src/crypto/src/x509.rs | 317 ++++-------------- src/vtpmtd/Cargo.toml | 2 +- 11 files changed, 257 insertions(+), 458 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index dcb441b..b3e0b0b 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4,19 +4,19 @@ version = 3 [[package]] name = "anyhow" -version = "1.0.82" +version = "1.0.88" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f538837af36e6f6a9be0faa67f9a314f8119e4e4b5867c6ab40ed60360142519" +checksum = "4e1496f8fb1fbf272686b8d37f523dab3e4a7443300055e74cdaa449f3114356" [[package]] name = "async-trait" -version = "0.1.80" +version = "0.1.82" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c6fa2087f2753a7da8cc1c0dbfcf89579dd57458e36769de5ac750b4671737ca" +checksum = "a27b8a3a6e1a44fa4c8baf1f653e4172e81486d4941f2237e20dc2d0cf4ddff1" dependencies = [ "proc-macro2", "quote", - "syn 2.0.60", + "syn 2.0.77", ] [[package]] @@ -24,17 +24,17 @@ name = "attestation" version = "0.1.0" dependencies = [ "crypto", - "der 0.5.1", - "spin 0.9.8", + "der 0.7.9", + "spin", "td-payload", "tdx-tdcall", ] [[package]] name = "autocfg" -version = "1.2.0" +version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1fdabc7756949593fe60f30ec81974b613357de856987752631dea1e3394c80" +checksum = "0c4b4d0bd25bd0b74681c0ad21497610ce1b7c91b1022cd21c80c6fbdd9476b0" [[package]] name = "bit_field" 
@@ -62,9 +62,9 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" [[package]] name = "bitflags" -version = "2.5.0" +version = "2.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cf4b9d6a944f767f8e5e0db018570623c85f3d925ac718db4e06d0187adb21c1" +checksum = "b048fb63fd8b5923fc5aa7b340d8e156aec7ec02f0c78fa8a6ddc2613f6f71de" [[package]] name = "bitmap-allocator" @@ -91,15 +91,18 @@ checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" [[package]] name = "bytes" -version = "1.6.0" +version = "1.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "514de17de45fdb8dc022b1a7975556c53c86f9f0aa5f534b98977b171857c2c9" +checksum = "8318a53db07bb3f8dca91a600466bdb3f2eaadeedfdbcf02e1accbad9271ba50" [[package]] name = "cc" -version = "1.0.95" +version = "1.1.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d32a725bc159af97c3e629873bb9f88fb8cf8a4867175f76dc987815ea07c83b" +checksum = "b62ac837cdb5cb22e10a256099b4fc502b1dfe560cb282963a974d7abd80e476" +dependencies = [ + "shlex", +] [[package]] name = "cc-measurement" @@ -136,15 +139,15 @@ checksum = "e763eef8846b13b380f37dfecda401770b0ca4e56e95170237bd7c25c7db3582" [[package]] name = "const-oid" -version = "0.7.1" +version = "0.9.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e4c78c047431fee22c1a7bb92e00ad095a02a983affe4d8a72e2a2c62c1b94f3" +checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" [[package]] name = "cpufeatures" -version = "0.2.12" +version = "0.2.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "53fe5e26ff1b7aef8bca9c6080520cfb8d9333c7568e1829cef191a9723e5504" +checksum = "608697df725056feaccfa42cffdaeeec3fccc4ffc38358ecd19b243e716a78e0" dependencies = [ "libc", ] 
@@ -154,7 +157,7 @@ name = "crypto" version = "0.1.0" dependencies = [ "bytes", - "der 0.5.1", + "der 0.7.9", "global", "log", "ring", @@ -184,12 +187,13 @@ dependencies = [ [[package]] name = "der" -version = "0.5.1" +version = "0.7.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6919815d73839e7ad218de758883aae3a257ba6759ce7a9992501efbb53d705c" +checksum = "f55bf8e7b65898637379c1b74eb1551107c8294ed26d855ceb9fd1a09cfc9bc0" dependencies = [ "const-oid", - "der_derive 0.5.0", + "der_derive 0.7.3", + "zeroize", ] [[package]] @@ -206,14 +210,13 @@ dependencies = [ [[package]] name = "der_derive" -version = "0.5.0" +version = "0.7.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3a538f3d2b39aefb242d2d9d91cf188818652b7b40095dcd8964d389bdb984ff" +checksum = "8034092389675178f570469e6c3b0465d3d30b4505c294a6550db47f3c17ad18" dependencies = [ - "proc-macro-error", "proc-macro2", "quote", - "syn 1.0.109", + "syn 2.0.77", ] [[package]] @@ -237,15 +240,15 @@ dependencies = [ [[package]] name = "either" -version = "1.11.0" +version = "1.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a47c1c47d2f5964e29c61246e81db715514cd532db6b5116a25ea3c03d6780a2" +checksum = "60b1af1c220855b6ceac025d3f6ecdd2b7c4894bfe9cd9bda4fbb4bc7c0d4cf0" [[package]] name = "errno" -version = "0.3.8" +version = "0.3.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a258e46cdc063eb8519c00b9fc845fc47bcfca4130e2f08e88665ceda8474245" +checksum = "534c5cf6194dfab3db3242765c03bbe257cf92f22b38f6bc0c58d59108a820ba" dependencies = [ "libc", "windows-sys 0.52.0", 
@@ -335,9 +338,9 @@ dependencies = [ [[package]] name = "getrandom" -version = "0.2.14" +version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "94b22e06ecb0110981051723910cbf0b5f5e09a2062dd7663334ee79a9d1286c" +checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7" dependencies = [ "cfg-if", "libc", @@ -349,7 +352,7 @@ name = "global" version = "0.1.0" dependencies = [ "lazy_static", - "spin 0.9.8", + "spin", "zeroize", ] @@ -370,18 +373,18 @@ checksum = "49f1f14873335454500d59611f1cf4a4b0f786f9ac11f4312a78e4cf2566695b" [[package]] name = "lazy_static" -version = "1.4.0" +version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" +checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" dependencies = [ - "spin 0.5.2", + "spin", ] [[package]] name = "libc" -version = "0.2.153" +version = "0.2.158" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9c198f91728a82281a64e1f4f9eeb25d82cb32a5de251c6bd1b5154d63a8e7bd" +checksum = "d8adc4bb1803a324070e64a98ae98f38934d91957a99cfb3a43dcbc01bc56439" [[package]] name = "linked_list_allocator" @@ -394,15 +397,15 @@ dependencies = [ [[package]] name = "linux-raw-sys" -version = "0.4.13" +version = "0.4.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "01cda141df6706de531b6c46c3a33ecca755538219bd484262fa09410c13539c" +checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89" [[package]] name = "lock_api" -version = "0.4.11" +version = "0.4.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3c168f8615b12bc01f9c17e2eb0cc07dcae1940121185446edc3744920e8ef45" +checksum = "07af8b9cdd281b7915f413fa73f29ebd5d55d0d3f0155584dade1ff18cea1b17" dependencies = [ "autocfg", "scopeguard", 
@@ -410,9 +413,9 @@ dependencies = [ [[package]] name = "log" -version = "0.4.21" +version = "0.4.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "90ed8c1e510134f979dbc4f070f87d4313098b704861a105fe34231c70a3901c" +checksum = "a7a70ba024b9dc04c27ea2f0c0548feb474ec5c54bba33a7f72f873a39d07b24" [[package]] name = "maybe-async" @@ -422,9 +425,15 @@ checksum = "5cf92c10c7e361d6b99666ec1c6f9805b0bea2c3bd8c78dc6fe98ac5bd78db11" dependencies = [ "proc-macro2", "quote", - "syn 2.0.60", + "syn 2.0.77", ] +[[package]] +name = "memchr" +version = "2.7.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" + [[package]] name = "num-conv" version = "0.1.0" @@ -439,9 +448,9 @@ checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" [[package]] name = "paste" -version = "1.0.14" +version = "1.0.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "de3145af08024dea9fa9914f381a17b8fc6034dfb00f3a84013f7ff43f29ed4c" +checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a" [[package]] name = "pin-project-lite" 
@@ -461,35 +470,11 @@ version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391" -[[package]] -name = "proc-macro-error" -version = "1.0.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c" -dependencies = [ - "proc-macro-error-attr", - "proc-macro2", - "quote", - "syn 1.0.109", - "version_check", -] - -[[package]] -name = "proc-macro-error-attr" -version = "1.0.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869" -dependencies = [ - "proc-macro2", - "quote", - "version_check", -] - [[package]] name = "proc-macro2" -version = "1.0.81" +version = "1.0.86" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3d1597b0c024618f09a9c3b8655b7e430397a36d23fdafec26d6965e9eec3eba" +checksum = "5e719e8df665df0d1c8fbfd238015744736151d4445ec0836b8e628aae103b77" dependencies = [ "unicode-ident", ] @@ -506,9 +491,9 @@ dependencies = [ [[package]] name = "quote" -version = "1.0.36" +version = "1.0.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7" +checksum = "b5b9d34b8991d19d98081b46eacdd8eb58c6f2b201139f7c5f643cc155a633af" dependencies = [ "proc-macro2", ] @@ -535,7 +520,7 @@ dependencies = [ "cc", "getrandom", "libc", - "spin 0.9.8", + "spin", "untrusted", "windows-sys 0.48.0", ] 
@@ -549,11 +534,11 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.34" +version = "0.38.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "70dc5ec042f7a43c4a73241207cecc9873a06d45debb38b329f8541d85c2730f" +checksum = "8acb788b847c24f28525660c4d7758620a7210875711f79e7f663cc152726811" dependencies = [ - "bitflags 2.5.0", + "bitflags 2.6.0", "errno", "libc", "linux-raw-sys", @@ -562,15 +547,15 @@ dependencies = [ [[package]] name = "rustversion" -version = "1.0.15" +version = "1.0.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "80af6f9131f277a45a3fba6ce8e2258037bb0477a67e610d3c1fe046ab31de47" +checksum = "955d28af4278de8121b7ebeb796b6a45735dc01436d898801014aced2773a3d6" [[package]] name = "ryu" -version = "1.0.17" +version = "1.0.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e86697c916019a8588c99b5fac3cead74ec0b4b819707a682fd4d23fa0ce1ba1" +checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f" [[package]] name = "scopeguard" 
@@ -600,31 +585,32 @@ dependencies = [ [[package]] name = "serde" -version = "1.0.198" +version = "1.0.210" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9846a40c979031340571da2545a4e5b7c4163bdae79b301d5f86d03979451fcc" +checksum = "c8e3592472072e6e22e0a54d5904d9febf8508f65fb8552499a1abc7d1078c3a" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.198" +version = "1.0.210" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e88edab869b01783ba905e7d0153f9fc1a6505a96e4ad3018011eedb838566d9" +checksum = "243902eda00fad750862fc144cea25caca5e20d615af0a81bee94ca738f1df1f" dependencies = [ "proc-macro2", "quote", - "syn 2.0.60", + "syn 2.0.77", ] [[package]] name = "serde_json" -version = "1.0.116" +version = "1.0.128" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3e17db7126d17feb94eb3fad46bf1a96b034e8aacbc2e775fe81505f8b0b2813" +checksum = "6ff5456707a1de34e7e37f2a6fd3d3f808c318259cbd01ab6377795054b483d8" dependencies = [ "itoa", + "memchr", "ryu", "serde", ] @@ -640,6 +626,12 @@ dependencies = [ "digest", ] +[[package]] +name = "shlex" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" + [[package]] name = "spdm" version = "0.1.0" @@ -652,7 +644,7 @@ dependencies = [ "protocol", "ring", "spdmlib", - "spin 0.9.8", + "spin", "td-exception", "td-payload", "tdtunnel", @@ -677,19 +669,13 @@ dependencies = [ "ring", "serde", "serde_json", - "spin 0.9.8", + "spin", "sys_time", "untrusted", "webpki", "zeroize", ] -[[package]] -name = "spin" -version = "0.5.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" - [[package]] name = "spin" version = "0.9.8" 
@@ -721,9 +707,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.60" +version = "2.0.77" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "909518bc7b1c9b779f1bbf07f2929d35af9f0f37e47c6e9ef7f9dddc1e1821f3" +checksum = "9f35bcdf61fd8e7be6caf75f429fdca8beb3ed76584befb503b1569faee373ed" dependencies = [ "proc-macro2", "quote", @@ -757,7 +743,7 @@ dependencies = [ "lazy_static", "linked_list_allocator", "log", - "spin 0.9.8", + "spin", ] [[package]] @@ -767,7 +753,7 @@ dependencies = [ "bitflags 1.3.2", "lazy_static", "log", - "spin 0.9.8", + "spin", "tdx-tdcall", "x86_64", ] @@ -795,7 +781,7 @@ version = "0.1.0" dependencies = [ "lazy_static", "log", - "spin 0.9.8", + "spin", "tdx-tdcall", ] @@ -805,7 +791,7 @@ version = "0.1.0" dependencies = [ "bitfield", "log", - "spin 0.9.8", + "spin", "td-layout", "x86", "x86_64", @@ -823,7 +809,7 @@ dependencies = [ "scroll", "serde", "serde_json", - "spin 0.9.8", + "spin", "td-benchmark", "td-exception", "td-logger", @@ -887,7 +873,7 @@ dependencies = [ "lazy_static", "log", "scroll", - "spin 0.9.8", + "spin", "x86_64", ] @@ -921,7 +907,7 @@ dependencies = [ "log", "ring", "rust-tpm-20-ref", - "spin 0.9.8", + "spin", "tdx-tdcall", "time", "x86_64", @@ -935,15 +921,15 @@ checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" [[package]] name = "unicode-ident" -version = "1.0.12" +version = "1.0.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" +checksum = "e91b56cd4cadaeb79bbf1a5645f6b4f8dc5bde8834ad5894a8db35fda9efa1fe" [[package]] name = "unicode-xid" -version = "0.2.4" +version = "0.2.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f962df74c8c05a667b5ee8bcf162993134c104e96440b663c8daa176dc772d8c" +checksum = "229730647fbc343e3a80e463c1db7f78f3855d3f3739bee0dda773c9a037c90a" [[package]] name = "untrusted" 
@@ -953,9 +939,9 @@ checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" [[package]] name = "version_check" -version = "0.9.4" +version = "0.9.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" +checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" [[package]] name = "volatile" @@ -977,7 +963,7 @@ dependencies = [ "codec", "conquer-once", "crypto", - "der 0.5.1", + "der 0.7.9", "eventlog", "global", "lazy_static", @@ -990,7 +976,7 @@ dependencies = [ "sha2", "spdm", "spdmlib", - "spin 0.9.8", + "spin", "td-benchmark", "td-exception", "td-layout", @@ -1050,7 +1036,7 @@ version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" dependencies = [ - "windows-targets 0.52.5", + "windows-targets 0.52.6", ] [[package]] @@ -1070,18 +1056,18 @@ dependencies = [ [[package]] name = "windows-targets" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6f0713a46559409d202e70e28227288446bf7841d3211583a4b53e3f6d96e7eb" +checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" dependencies = [ - "windows_aarch64_gnullvm 0.52.5", - "windows_aarch64_msvc 0.52.5", - "windows_i686_gnu 0.52.5", + "windows_aarch64_gnullvm 0.52.6", + "windows_aarch64_msvc 0.52.6", + "windows_i686_gnu 0.52.6", "windows_i686_gnullvm", - "windows_i686_msvc 0.52.5", - "windows_x86_64_gnu 0.52.5", - "windows_x86_64_gnullvm 0.52.5", - "windows_x86_64_msvc 0.52.5", + "windows_i686_msvc 0.52.6", + "windows_x86_64_gnu 0.52.6", + "windows_x86_64_gnullvm 0.52.6", + "windows_x86_64_msvc 0.52.6", ] [[package]] 
@@ -1092,9 +1078,9 @@ checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" [[package]] name = "windows_aarch64_gnullvm" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7088eed71e8b8dda258ecc8bac5fb1153c5cffaf2578fc8ff5d61e23578d3263" +checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" [[package]] name = "windows_aarch64_msvc" @@ -1104,9 +1090,9 @@ checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" [[package]] name = "windows_aarch64_msvc" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9985fd1504e250c615ca5f281c3f7a6da76213ebd5ccc9561496568a2752afb6" +checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" [[package]] name = "windows_i686_gnu" @@ -1116,15 +1102,15 @@ checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" [[package]] name = "windows_i686_gnu" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "88ba073cf16d5372720ec942a8ccbf61626074c6d4dd2e745299726ce8b89670" +checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" [[package]] name = "windows_i686_gnullvm" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87f4261229030a858f36b459e748ae97545d6f1ec60e5e0d6a3d32e0dc232ee9" +checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" [[package]] name = "windows_i686_msvc" 
@@ -1134,9 +1120,9 @@ checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" [[package]] name = "windows_i686_msvc" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "db3c2bf3d13d5b658be73463284eaf12830ac9a26a90c717b7f771dfe97487bf" +checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" [[package]] name = "windows_x86_64_gnu" @@ -1146,9 +1132,9 @@ checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" [[package]] name = "windows_x86_64_gnu" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4e4246f76bdeff09eb48875a0fd3e2af6aada79d409d33011886d3e1581517d9" +checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" [[package]] name = "windows_x86_64_gnullvm" @@ -1158,9 +1144,9 @@ checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" [[package]] name = "windows_x86_64_gnullvm" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "852298e482cd67c356ddd9570386e2862b5673c85bd5f88df9ab6802b334c596" +checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" [[package]] name = "windows_x86_64_msvc" @@ -1170,9 +1156,9 @@ checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" [[package]] name = "windows_x86_64_msvc" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bec47e5bfd1bff0eeaf6d8b485cc1074891a197ab4225d504cb7a1ab88b02bf0" +checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" [[package]] name = "x86" 
@@ -1192,16 +1178,16 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "96cb6fd45bfeab6a5055c5bffdb08768bd0c069f1d946debe585bbb380a7c062" dependencies = [ "bit_field 0.10.2", - "bitflags 2.5.0", + "bitflags 2.6.0", "rustversion", "volatile", ] [[package]] name = "zerocopy" -version = "0.7.32" +version = "0.7.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "74d4d3961e53fa4c9a25a8637fc2bfaf2595b3d3ae34875568a5cf64787716be" +checksum = "1b9b4fd18abc82b8136838da5d50bae7bdea537c574d8dc1a34ed098d6c166f0" dependencies = [ "byteorder", "zerocopy-derive", @@ -1209,20 +1195,20 @@ dependencies = [ [[package]] name = "zerocopy-derive" -version = "0.7.32" +version = "0.7.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9ce1b18ccd8e73a9321186f97e46f9f04b778851177567b1975109d26a08d2a6" +checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.60", + "syn 2.0.77", ] [[package]] name = "zeroize" -version = "1.7.0" +version = "1.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d" +checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde" dependencies = [ "zeroize_derive", ] @@ -1235,5 +1221,5 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.60", + "syn 2.0.77", ] diff --git a/src/attestation/Cargo.toml b/src/attestation/Cargo.toml index c298ca0..cf49781 100644 --- a/src/attestation/Cargo.toml +++ b/src/attestation/Cargo.toml 
@@ -7,7 +7,7 @@ edition = "2021" [dependencies] crypto = { path = "../crypto" } -der = { version = "0.5.1", features = ["oid", "alloc", "derive"] } +der = { version = "0.7.9", features = ["oid", "alloc", "derive"] } spin = "0.9.2" tdx-tdcall = { path = "../../deps/td-shim/tdx-tdcall"} td-payload = { path = "../../deps/td-shim/td-payload", features = ["tdx"] } diff --git a/src/attestation/src/root_ca.rs b/src/attestation/src/root_ca.rs index c14cfbc..1debee0 100644 --- a/src/attestation/src/root_ca.rs +++ b/src/attestation/src/root_ca.rs @@ -3,7 +3,7 @@ // SPDX-License-Identifier: BSD-2-Clause-Patent use crypto::x509::Certificate; -use der::Decodable; +use der::Decode; use spin::Once; use crate::Error; diff --git a/src/crypto/Cargo.toml b/src/crypto/Cargo.toml index d2b5fa1..6616184 100644 --- a/src/crypto/Cargo.toml +++ b/src/crypto/Cargo.toml @@ -7,7 +7,7 @@ edition = "2021" [dependencies] bytes = { version="1", default-features=false } -der = {version = "0.5.1", features = ["oid", "alloc", "derive"]} +der = {version = "0.7.9", features = ["oid", "alloc", "derive"]} global = { path = "../global" } log = "0.4.13" ring = { version = "0.17.6" } diff --git a/src/crypto/fuzz/Cargo.toml b/src/crypto/fuzz/Cargo.toml index daa3e70..2d857ed 100644 --- a/src/crypto/fuzz/Cargo.toml +++ b/src/crypto/fuzz/Cargo.toml @@ -13,7 +13,7 @@ libfuzzer-sys = {version = "0.4", optional = true } afl = {version = "*", optional = true } log = "0.4.13" arbitrary = "=1.1.3" -der = {version = "0.5.1", features = ["oid", "alloc", "derive"]} +der = {version = "0.7.9", features = ["oid", "alloc", "derive"]} serde = "=1.0.198" [dependencies.crypto] diff --git a/src/crypto/fuzz/fuzz_targets/afl_certchain.rs b/src/crypto/fuzz/fuzz_targets/afl_certchain.rs index e515a70..9a088e1 100644 --- a/src/crypto/fuzz/fuzz_targets/afl_certchain.rs +++ b/src/crypto/fuzz/fuzz_targets/afl_certchain.rs 
@@ -1,6 +1,6 @@ use crypto::resolve::{get_cert_from_certchain, parse_extensions}; use crypto::x509::Certificate; -use der::Decodable; +use der::Decode; fn main() { diff --git a/src/crypto/fuzz/fuzz_targets/certchain.rs b/src/crypto/fuzz/fuzz_targets/certchain.rs index c1d09d7..0f30061 100644 --- a/src/crypto/fuzz/fuzz_targets/certchain.rs +++ b/src/crypto/fuzz/fuzz_targets/certchain.rs @@ -3,7 +3,7 @@ use libfuzzer_sys::fuzz_target; use crypto::resolve::{get_cert_from_certchain, parse_extensions}; use crypto::x509::Certificate; -use der::Decodable; +use der::Decode; fuzz_target!(|data: &[u8]| { // fuzzed code goes here diff --git a/src/crypto/src/ek_cert.rs b/src/crypto/src/ek_cert.rs index 2291ed4..5a12985 100644 --- a/src/crypto/src/ek_cert.rs +++ b/src/crypto/src/ek_cert.rs @@ -3,8 +3,8 @@ // SPDX-License-Identifier: Apache-2.0 use alloc::vec; -use der::asn1::{BitString, ObjectIdentifier, OctetString, SetOfVec, Utf8String}; -use der::{Any, Encodable, Tag}; +use der::asn1::{BitStringRef, ObjectIdentifier, OctetStringRef, SetOfVec, Utf8StringRef}; +use der::{AnyRef, Encode, Tag}; use global::GLOBAL_TPM_DATA; use ring::digest; use ring::rand::SystemRandom; @@ -21,10 +21,10 @@ use crate::{ x509::{AlgorithmIdentifier, X509Error}, }; -const SUBJECT_ALT_NAME: ObjectIdentifier = ObjectIdentifier::new("2.5.29.17"); -const TCG_TPM_MANUFACTURER: ObjectIdentifier = ObjectIdentifier::new("2.23.133.2.1"); -const TCG_TPM_MODEL: ObjectIdentifier = ObjectIdentifier::new("2.23.133.2.2"); -const TCG_TPM_VERSION: ObjectIdentifier = ObjectIdentifier::new("2.23.133.2.3"); +const SUBJECT_ALT_NAME: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.29.17"); +const TCG_TPM_MANUFACTURER: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.23.133.2.1"); +const TCG_TPM_MODEL: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.23.133.2.2"); +const TCG_TPM_VERSION: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.23.133.2.3"); pub fn generate_ca_cert( td_quote: &[u8], 
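Review bot: The `new_unwrap` calls in the `SUBJECT_ALT_NAME` and `TCG_TPM_*` constants read like a runtime panic path, but because they initialise `const` items they are evaluated at compile time, so a malformed dotted string fails the build rather than the running vTPM. A one-line comment above the block would spare the next reader the same double-take: `// OIDs are parsed at compile time: an invalid literal is a build error, not a runtime panic.` The same applies to the `pub const` OIDs in src/crypto/src/resolve.rs later in this patch.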
@@ -41,7 +41,7 @@ pub fn generate_ca_cert( // Generate x.509 certificate let algorithm = AlgorithmIdentifier { algorithm: ID_EC_PUBKEY_OID, - parameters: Some(Any::new(Tag::ObjectIdentifier, SECP384R1_OID.as_bytes()).unwrap()), + parameters: Some(AnyRef::new(Tag::ObjectIdentifier, SECP384R1_OID.as_bytes()).unwrap()), }; let sig_alg = AlgorithmIdentifier { @@ -52,13 +52,13 @@ pub fn generate_ca_cert( // extended key usage let eku: alloc::vec::Vec = vec![VTPMTD_CA_EXTENDED_KEY_USAGE]; let eku = eku - .to_vec() + .to_der() .map_err(|e| ResolveError::GenerateCertificate(X509Error::DerEncoding(e)))?; // basic constrains let basic_constrains: alloc::vec::Vec = vec![true]; let basic_constrains = basic_constrains - .to_vec() + .to_der() .map_err(|e| ResolveError::GenerateCertificate(X509Error::DerEncoding(e)))?; let x509_certificate = x509::CertificateBuilder::new( @@ -95,19 +95,19 @@ pub fn generate_ca_cert( .build(); x509_certificate - .to_vec() + .to_der() .map_err(|e| ResolveError::GenerateCertificate(X509Error::DerEncoding(e))) } fn gen_auth_key_identifier(ek_pub: &[u8]) -> Result, ResolveError> { // authority key identifier let ek_pub_sha1 = digest::digest(&digest::SHA1_FOR_LEGACY_USE_ONLY, ek_pub); - let pub_sha1 = OctetString::new(ek_pub_sha1.as_ref()) + let pub_sha1 = OctetStringRef::new(ek_pub_sha1.as_ref()) .map_err(|e| ResolveError::GenerateCertificate(X509Error::DerEncoding(e)))?; let auth_key_identifier: AuthorityKeyIdentifier = AuthorityKeyIdentifier(pub_sha1); let auth_key_identifier = vec![auth_key_identifier]; auth_key_identifier - .to_vec() + .to_der() .map_err(|e| ResolveError::GenerateCertificate(X509Error::DerEncoding(e))) } 
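Review bot: `gen_auth_key_identifier` hashes `ek_pub` with `SHA1_FOR_LEGACY_USE_ONLY` and the only explanation is the bare `// authority key identifier` comment; why SHA-1 is acceptable here deserves stating, since it is a naming convention rather than a security boundary. Suggest replacing that comment with `// RFC 5280 §4.2.1.2 method (1): keyIdentifier is the 160-bit SHA-1 of the public key; it only needs to be unique for chain building, not collision-resistant.` Whether `ek_pub` is the raw subjectPublicKey BIT STRING value the RFC hashes or a full SubjectPublicKeyInfo cannot be seen from here, so the comment should also say which form the caller passes.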
@@ -117,9 +117,9 @@ fn gen_subject_alt_name() -> Result, ResolveError> { let mut tcg_tpm_manufaturer = SetOfVec::new(); let mut manufacturer = alloc::vec::Vec::new(); manufacturer.extend_from_slice(&tpm2_caps.manufacturer.to_be_bytes()); - let _ = tcg_tpm_manufaturer.add(DistinguishedName { + let _ = tcg_tpm_manufaturer.insert(DistinguishedName { attribute_type: TCG_TPM_MANUFACTURER, - value: Utf8String::new(manufacturer.as_slice()).unwrap().into(), + value: Utf8StringRef::new(manufacturer.as_slice()).unwrap().into(), }); let mut tcg_tpm_model = SetOfVec::new(); @@ -128,25 +128,25 @@ fn gen_subject_alt_name() -> Result, ResolveError> { model.extend_from_slice(&tpm2_caps.vendor_2.to_be_bytes()); model.extend_from_slice(&tpm2_caps.vendor_3.to_be_bytes()); model.extend_from_slice(&tpm2_caps.vendor_4.to_be_bytes()); - let _ = tcg_tpm_model.add(DistinguishedName { + let _ = tcg_tpm_model.insert(DistinguishedName { attribute_type: TCG_TPM_MODEL, - value: Utf8String::new(model.as_slice()).unwrap().into(), + value: Utf8StringRef::new(model.as_slice()).unwrap().into(), }); let mut tcg_tpm_version = SetOfVec::new(); let mut version = alloc::vec::Vec::new(); version.extend_from_slice(&tpm2_caps.version_1.to_be_bytes()); version.extend_from_slice(&tpm2_caps.version_2.to_be_bytes()); - let _ = tcg_tpm_version.add(DistinguishedName { + let _ = tcg_tpm_version.insert(DistinguishedName { attribute_type: TCG_TPM_VERSION, - value: Utf8String::new(version.as_slice()).unwrap().into(), + value: Utf8StringRef::new(version.as_slice()).unwrap().into(), }); let sub_alt_name = vec![tcg_tpm_manufaturer, tcg_tpm_model, tcg_tpm_version]; let sub_alt_name: SubjectAltName = SubjectAltName(sub_alt_name); let sub_alt_name = vec![sub_alt_name]; sub_alt_name - .to_vec() + .to_der() .map_err(|e| ResolveError::GenerateCertificate(X509Error::DerEncoding(e))) } 
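Review bot: The three `Utf8StringRef::new(...).unwrap()` calls in `gen_subject_alt_name` panic if the big-endian bytes of `tpm2_caps.manufacturer`, the `vendor_*` words or the `version_*` words are not valid UTF-8, since `Utf8StringRef::new` validates its input; every other DER failure in this function is mapped to `ResolveError::GenerateCertificate(X509Error::DerEncoding(e))`, so these should be too, e.g. `value: Utf8StringRef::new(manufacturer.as_slice()).map_err(|e| ResolveError::GenerateCertificate(X509Error::DerEncoding(e)))?.into(),`. Where `tpm2_caps` is obtained lies outside the hunk, so whether those words are always ASCII cannot be confirmed here. The `let _ =` around each `SetOfVec::insert` likewise discards a `Result`; with one element per set it cannot fail today, but propagating it with the same `map_err` keeps the error handling uniform. The function starts before the first hunk.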
@@ -164,7 +164,7 @@ pub fn generate_ek_cert( // Generate x.509 certificate let algorithm = AlgorithmIdentifier { algorithm: ID_EC_PUBKEY_OID, - parameters: Some(Any::new(Tag::ObjectIdentifier, SECP384R1_OID.as_bytes()).unwrap()), + parameters: Some(AnyRef::new(Tag::ObjectIdentifier, SECP384R1_OID.as_bytes()).unwrap()), }; let sig_alg = AlgorithmIdentifier { @@ -175,13 +175,13 @@ pub fn generate_ek_cert( // basic constrains let basic_constrains: alloc::vec::Vec = vec![false]; let basic_constrains = basic_constrains - .to_vec() + .to_der() .map_err(|e| ResolveError::GenerateCertificate(X509Error::DerEncoding(e)))?; // extended key usage let eku: alloc::vec::Vec = vec![TCG_EK_CERTIFICATE]; let eku = eku - .to_vec() + .to_der() .map_err(|e| ResolveError::GenerateCertificate(X509Error::DerEncoding(e)))?; // authority key identifier @@ -189,10 +189,10 @@ pub fn generate_ek_cert( // follow ek-credential spec Section 3.2. // keyAgreement (4) refers to https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.3 - let ku = BitString::new(0, &[0x08]) + let ku = BitStringRef::new(0, &[0x08]) .map_err(|e| ResolveError::GenerateCertificate(X509Error::DerEncoding(e)))?; let ku = ku - .to_vec() + .to_der() .map_err(|e| ResolveError::GenerateCertificate(X509Error::DerEncoding(e)))?; // subject alt name @@ -228,6 +228,6 @@ pub fn generate_ek_cert( .build(); x509_certificate - .to_vec() + .to_der() .map_err(|e| ResolveError::GenerateCertificate(X509Error::DerEncoding(e))) } diff --git a/src/crypto/src/resolve.rs b/src/crypto/src/resolve.rs index b1058fe..e826a9d 100644 --- a/src/crypto/src/resolve.rs +++ b/src/crypto/src/resolve.rs @@ -8,7 +8,7 @@ use super::x509::{AlgorithmIdentifier, ExtendedKeyUsage, Extensions}; use crate::x509::Certificate; use alloc::vec; use der::asn1::ObjectIdentifier; -use der::{Any, Decodable, Encodable, Tag}; +use der::{AnyRef, Decode, Encode, Tag}; use ring::digest; use ring::pkcs8::Document; use ring::rand::SystemRandom; 
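Review bot: `BitStringRef::new(0, &[0x08])` in the keyUsage hunk declares zero unused bits, but KeyUsage is a named bit list and DER (X.690 §11.2.2) requires trailing zero bits to be dropped, so the canonical encoding of keyAgreement(4) alone is `03 02 03 08` with three unused bits: `let ku = BitStringRef::new(3, &[0x08])`. In the same function `vec![false]` for basicConstraints encodes an explicit `cA FALSE`, which X.690 §11.5 forbids for a DEFAULT value; `let basic_constrains: alloc::vec::Vec<bool> = vec![];` yields the canonical `30 00`. Lenient parsers such as OpenSSL accept both forms, but strict DER validators may reject the EK certificate, so this is an interoperability defect rather than a security one. The enclosing `generate_ek_cert` starts before the first hunk on this line and its remaining body lies between the hunks.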
@@ -17,46 +17,46 @@ use spdmlib::error::{SpdmResult, SPDM_STATUS_INVALID_CERT};
 use tdx_tdcall::tdreport::TD_REPORT_SIZE;
-pub const BASIC_CONSTRAINTS: ObjectIdentifier = ObjectIdentifier::new("2.5.29.19");
-pub const SUBJECT_KEY_IDENTIFIER: ObjectIdentifier = ObjectIdentifier::new("2.5.29.14");
-pub const KEY_USAGE: ObjectIdentifier = ObjectIdentifier::new("2.5.29.15");
-pub const AUTHORITY_KEY_IDENTIFIER: ObjectIdentifier = ObjectIdentifier::new("2.5.29.35");
-pub const EXTENDED_KEY_USAGE: ObjectIdentifier = ObjectIdentifier::new("2.5.29.37");
+pub const BASIC_CONSTRAINTS: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.29.19");
+pub const SUBJECT_KEY_IDENTIFIER: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.29.14");
+pub const KEY_USAGE: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.29.15");
+pub const AUTHORITY_KEY_IDENTIFIER: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.29.35");
+pub const EXTENDED_KEY_USAGE: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.29.37");
 pub const VTPMTD_EXTENDED_KEY_USAGE: ObjectIdentifier =
- ObjectIdentifier::new("2.16.840.1.113741.1.5.5.2.1");
+ ObjectIdentifier::new_unwrap("2.16.840.1.113741.1.5.5.2.1");
 pub const VTPMTD_CA_EXTENDED_KEY_USAGE: ObjectIdentifier =
- ObjectIdentifier::new("2.16.840.1.113741.1.5.5.2.5");
+ ObjectIdentifier::new_unwrap("2.16.840.1.113741.1.5.5.2.5");
 pub const EXTNID_VTPMTD_REPORT: ObjectIdentifier =
- ObjectIdentifier::new("2.16.840.1.113741.1.5.5.2.4");
+ ObjectIdentifier::new_unwrap("2.16.840.1.113741.1.5.5.2.4");
 pub const EXTNID_VTPMTD_QUOTE: ObjectIdentifier =
- ObjectIdentifier::new("2.16.840.1.113741.1.5.5.2.2");
+ ObjectIdentifier::new_unwrap("2.16.840.1.113741.1.5.5.2.2");
 pub const EXTNID_VTPMTD_EVENT_LOG: ObjectIdentifier =
- ObjectIdentifier::new("2.16.840.1.113741.1.5.5.2.3");
+ ObjectIdentifier::new_unwrap("2.16.840.1.113741.1.5.5.2.3");
 pub const TDVF_EXTENDED_KEY_USAGE: ObjectIdentifier =
- ObjectIdentifier::new("2.16.840.1.113741.1.5.5.3.1");
+ ObjectIdentifier::new_unwrap("2.16.840.1.113741.1.5.5.3.1");
 pub const EXTNID_TDVF_REPORT: ObjectIdentifier =
- ObjectIdentifier::new("2.16.840.1.113741.1.5.5.3.4");
+ ObjectIdentifier::new_unwrap("2.16.840.1.113741.1.5.5.3.4");
 pub const EXTNID_TDVF_QUOTE: ObjectIdentifier =
- ObjectIdentifier::new("2.16.840.1.113741.1.5.5.3.2");
+ ObjectIdentifier::new_unwrap("2.16.840.1.113741.1.5.5.3.2");
-pub const SERVER_AUTH: ObjectIdentifier = ObjectIdentifier::new("1.3.6.1.5.5.7.3.1");
-pub const CLIENT_AUTH: ObjectIdentifier = ObjectIdentifier::new("1.3.6.1.5.5.7.3.2");
+pub const SERVER_AUTH: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.3.1");
+pub const CLIENT_AUTH: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.3.2");
-pub const TCG_EK_CERTIFICATE: ObjectIdentifier = ObjectIdentifier::new("2.23.133.8.1");
+pub const TCG_EK_CERTIFICATE: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.23.133.8.1");
 // As specified in https://datatracker.ietf.org/doc/html/rfc5480#appendix-A
 // id-ecPublicKey OBJECT IDENTIFIER ::= {
 // iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1
 // }
-pub const ID_EC_PUBKEY_OID: ObjectIdentifier = ObjectIdentifier::new("1.2.840.10045.2.1");
+pub const ID_EC_PUBKEY_OID: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.840.10045.2.1");
 // secp384r1 OBJECT IDENTIFIER ::= {
 // iso(1) identified-organization(3) certicom(132) curve(0) 34
 // }
-pub const SECP384R1_OID: ObjectIdentifier = ObjectIdentifier::new("1.3.132.0.34");
+pub const SECP384R1_OID: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.3.132.0.34");
-pub const ID_EC_SIG_OID: ObjectIdentifier = ObjectIdentifier::new("1.2.840.10045.4.3.3");
+pub const ID_EC_SIG_OID: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.840.10045.4.3.3");
 #[derive(Debug)]
 pub enum ResolveError {
@@ -115,7 +115,7 @@ pub fn generate_certificate(
 // Generate x.509 certificate
 let algorithm = AlgorithmIdentifier {
 algorithm: ID_EC_PUBKEY_OID,
- parameters: Some(Any::new(Tag::ObjectIdentifier, SECP384R1_OID.as_bytes()).unwrap()),
+ parameters: Some(AnyRef::new(Tag::ObjectIdentifier, SECP384R1_OID.as_bytes()).unwrap()),
 };
 let sig_alg = AlgorithmIdentifier {
@@ -125,7 +125,7 @@ pub fn generate_certificate(
 let eku = vec![VTPMTD_EXTENDED_KEY_USAGE];
 let eku = eku
- .to_vec()
+ .to_der()
 .map_err(|e| ResolveError::GenerateCertificate(X509Error::DerEncoding(e)))?;
 let x509_certificate = x509::CertificateBuilder::new(sig_alg, algorithm, key_pair.public_key().as_ref(), true)?
@@ -152,7 +152,7 @@ pub fn generate_certificate(
 .build();
 x509_certificate
- .to_vec()
+ .to_der()
 .map_err(|e| ResolveError::GenerateCertificate(X509Error::DerEncoding(e)))
 }
diff --git a/src/crypto/src/x509.rs b/src/crypto/src/x509.rs
index d475c6b..5c3355b 100644
--- a/src/crypto/src/x509.rs
+++ b/src/crypto/src/x509.rs
@@ -4,13 +4,12 @@ use alloc::vec;
 use core::convert::{TryFrom, TryInto};
-use der::asn1::{
- Any, BitString, GeneralizedTime, ObjectIdentifier, OctetString, SetOfVec, UIntBytes, UtcTime,
- Utf8String,
-};
-use der::{
- Choice, Decodable, Decoder, DerOrd, Encodable, Header, Sequence, Tag, TagNumber, Tagged,
+pub use der::asn1::{
+ AnyRef, BitStringRef, GeneralizedTime, ObjectIdentifier, OctetString, OctetStringRef,
+ PrintableString, PrintableStringRef, SequenceOf, SetOfVec, UintRef, UtcTime, Utf8StringRef,
 };
+use der::{Choice, Decode, DerOrd, Encode, Header, Sequence, Tag, TagNumber, Tagged};
+use der::{ErrorKind, TagMode};
 #[derive(Debug)]
 pub enum X509Error {
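Review bot: In the x509.rs import hunk, `pub use der::asn1::{…}` re-exports a dozen der types from this module, including `PrintableString`, `PrintableStringRef` and `SequenceOf`, which nothing in this patch references; if they exist for a downstream crate, a one-line comment above the `pub use` naming that consumer would justify widening the public API, otherwise a plain `use` of the names this file needs keeps the surface small. The two `use der::{…}` lines that follow can be merged into one, e.g. `use der::{Choice, Decode, DerOrd, Encode, ErrorKind, Header, Sequence, Tag, TagMode, TagNumber, Tagged};`. Only the hunks of x509.rs are visible here, so the unused-name remark is inferred from this diff rather than the whole file.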
@@ -59,7 +58,7 @@ impl<'a> CertificateBuilder<'a> {
 ) -> Result {
 let subject_public_key_info = SubjectPublicKeyInfo {
 algorithm,
- subject_public_key: BitString::new(0, public_key)?,
+ subject_public_key: BitStringRef::new(0, public_key)?,
 };
 self.0.tbs_certificate.subject_public_key_info = subject_public_key_info;
 Ok(self)
@@ -80,9 +79,9 @@ impl<'a> CertificateBuilder<'a> {
 signature: &'a mut alloc::vec::Vec,
 mut signer: impl FnMut(&[u8], &mut alloc::vec::Vec),
 ) -> Result {
- let tbs = self.0.tbs_certificate.to_vec().unwrap();
+ let tbs = self.0.tbs_certificate.to_der().unwrap();
 signer(tbs.as_slice(), signature);
- self.0.signature_value = BitString::new(0, signature)?;
+ self.0.signature_value = BitStringRef::new(0, signature)?;
 Ok(self)
 }
@@ -96,11 +95,11 @@ impl<'a> CertificateBuilder<'a> {
 // tbsCertificate TBSCertificate,
 // signatureAlgorithm AlgorithmIdentifier,
 // signatureValue BIT STRING }
-#[derive(Clone)]
+#[derive(Clone, Sequence)]
 pub struct Certificate<'a> {
 pub tbs_certificate: TBSCertificate<'a>,
 pub signature_algorithm: AlgorithmIdentifier<'a>,
- pub signature_value: BitString<'a>,
+ pub signature_value: BitStringRef<'a>,
 }
 impl<'a> Certificate<'a> {
@@ -110,13 +109,13 @@ impl<'a> Certificate<'a> {
 public_key: &'a [u8],
 self_signed: bool,
 ) -> Result {
- let version = Version(UIntBytes::new(&[2])?);
- let serial_number = UIntBytes::new(&[1])?;
+ let version = Version(UintRef::new(&[2])?);
+ let serial_number = UintRef::new(&[1])?;
 let mut issuer_name = SetOfVec::new();
- issuer_name.add(DistinguishedName {
- attribute_type: ObjectIdentifier::new("2.5.4.3"),
- value: Utf8String::new("IntelVTpmCA")?.try_into().unwrap(),
+ issuer_name.insert(DistinguishedName {
+ attribute_type: ObjectIdentifier::new("2.5.4.3").unwrap(),
+ value: Utf8StringRef::new("IntelVTpmCA")?.try_into().unwrap(),
 })?;
 let issuer = vec![issuer_name];
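Review bot: `let tbs = self.0.tbs_certificate.to_der().unwrap();` in the second hunk (the builder method taking `signer`) panics on an encoding failure although the method returns a `Result`, and the next statement, `BitStringRef::new(0, signature)?`, already shows that `der::Error` converts into its error type; `let tbs = self.0.tbs_certificate.to_der()?;` hands the error to the caller instead of aborting certificate generation. In the `Certificate::new` hunk, `ObjectIdentifier::new("2.5.4.3").unwrap()` is the one OID in this patch not written as a `new_unwrap` constant; a `const ID_AT_COMMON_NAME: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.4.3");` beside the other OID constants keeps the style uniform and moves the check to compile time. Both enclosing methods start outside their hunks.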
@@ -137,7 +136,7 @@ impl<'a> Certificate<'a> {
 let subject_public_key_info = SubjectPublicKeyInfo {
 algorithm,
- subject_public_key: BitString::new(0, public_key)?,
+ subject_public_key: BitStringRef::new(0, public_key)?,
 };
 let tbs_certificate = TBSCertificate {
@@ -153,7 +152,7 @@ impl<'a> Certificate<'a> {
 extensions: None,
 };
- let signature_value = BitString::new(0, &[])?;
+ let signature_value = BitStringRef::new(0, &[])?;
 Ok(Certificate {
 tbs_certificate,
@@ -167,40 +166,11 @@ impl<'a> Certificate<'a> {
 }
 pub fn set_signature(&mut self, signature: &'a [u8]) -> Result<(), X509Error> {
- self.signature_value = BitString::new(0, signature)?;
+ self.signature_value = BitStringRef::new(0, signature)?;
 Ok(())
 }
 }
-impl<'a> Decodable<'a> for Certificate<'a> {
- fn decode(decoder: &mut Decoder<'a>) -> der::Result {
- decoder.sequence(|decoder| {
- let tbs_certificate = decoder.decode()?;
- let signature_algorithm = decoder.decode()?;
- let signature_value = decoder.decode()?;
-
- Ok(Self {
- tbs_certificate,
- signature_algorithm,
- signature_value,
- })
- })
- }
-}
-
-impl<'a> Sequence<'a> for Certificate<'a> {
- fn fields(&self, field_encoder: F) -> der::Result
- where
- F: FnOnce(&[&dyn Encodable]) -> der::Result,
- {
- field_encoder(&[
- &self.tbs_certificate,
- &self.signature_algorithm,
- &self.signature_value,
- ])
- }
-}
-
 // https://datatracker.ietf.org/doc/html/rfc5280#section-4.1
 // TBSCertificate ::= SEQUENCE {
 // version [0] EXPLICIT Version DEFAULT v1,
@@ -217,10 +187,10 @@ impl<'a> Sequence<'a> for Certificate<'a> {
 // extensions [3] EXPLICIT Extensions OPTIONAL
 // -- If present, version MUST be v3
 // }
-#[derive(Clone)]
+#[derive(Clone, Sequence)]
 pub struct TBSCertificate<'a> {
 pub version: Version<'a>,
- pub serial_number: UIntBytes<'a>, // ASN.1 INTEGER
+ pub serial_number: UintRef<'a>, // ASN.1 INTEGER
 pub signature: AlgorithmIdentifier<'a>,
 pub issuer: alloc::vec::Vec>>,
 pub validity: Validity,
@@ -231,58 +201,10 @@ pub struct TBSCertificate<'a> {
 pub extensions: Option>,
 }
-impl<'a> Decodable<'a> for TBSCertificate<'a> {
- fn decode(decoder: &mut Decoder<'a>) -> der::Result {
- decoder.sequence(|decoder| {
- let version = decoder.decode()?;
- let serial_number = decoder.decode()?;
- let signature = decoder.decode()?;
- let issuer = decoder.decode()?;
- let validity = decoder.decode()?;
- let subject = decoder.decode()?;
- let subject_public_key_info = decoder.decode()?;
- let issuer_unique_id = decoder.decode()?;
- let subject_unique_id = decoder.decode()?;
- let extensions = decoder.decode()?;
-
- Ok(Self {
- version,
- serial_number,
- signature,
- issuer,
- validity,
- subject,
- subject_public_key_info,
- extensions,
- issuer_unique_id,
- subject_unique_id,
- })
- })
- }
-}
-
-impl<'a> Sequence<'a> for TBSCertificate<'a> {
- fn fields(&self, field_encoder: F) -> der::Result
- where
- F: FnOnce(&[&dyn Encodable]) -> der::Result,
- {
- field_encoder(&[
- &self.version,
- &self.serial_number,
- &self.signature,
- &self.issuer,
- &self.validity,
- &self.subject,
- &self.subject_public_key_info,
- &self.extensions,
- ])
- }
-}
-
 #[derive(Clone, Debug, Eq, PartialEq)]
-pub struct AuthorityKeyIdentifier<'a>(pub OctetString<'a>);
+pub struct AuthorityKeyIdentifier<'a>(pub OctetStringRef<'a>);
-impl<'a> Encodable for AuthorityKeyIdentifier<'a> {
+impl<'a> Encode for AuthorityKeyIdentifier<'a> {
 fn encoded_len(&self) -> der::Result {
 let len = self.0.encoded_len()?;
 let explicit = Header::new(
@@ -295,7 +217,7 @@ impl<'a> Encodable for AuthorityKeyIdentifier<'a> {
 explicit.encoded_len() + len
 }
- fn encode(&self, encoder: &mut der::Encoder<'_>) -> der::Result<()> {
+ fn encode(&self, encoder: &mut impl der::Writer) -> der::Result<()> {
 let len = self.0.encoded_len()?;
 let explicit = Header::new(
 der::Tag::ContextSpecific {
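Review bot: Deriving `Sequence` for `TBSCertificate` encodes every field in declaration order, but the removed hand-written `fields` list stopped at `extensions` and never emitted `issuer_unique_id` or `subject_unique_id`, even though the removed `decode` did read them; a populated unique id will therefore now appear in the signed TBS bytes where it previously did not. That matches the RFC 5280 field order, but it is a behaviour change the commit message does not mention, and the two fields' declarations sit between the hunks so their types cannot be confirmed from here. A doc comment on the struct, e.g. `/// Encoded in RFC 5280 field order; unlike the former hand-written encoder, issuer/subject unique ids are written when present.`, would record it for the next reader.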
@@ -312,7 +234,7 @@ impl<'a> Encodable for AuthorityKeyIdentifier<'a> {
 #[derive(Clone, Debug, Eq, PartialEq)]
 pub struct SubjectAltName<'a>(pub alloc::vec::Vec>>);
-impl<'a> Encodable for SubjectAltName<'a> {
+impl<'a> Encode for SubjectAltName<'a> {
 fn encoded_len(&self) -> der::Result {
 let len = self.0.encoded_len()?;
 let explicit = Header::new(
@@ -325,7 +247,7 @@ impl<'a> Encodable for SubjectAltName<'a> {
 explicit.encoded_len() + len
 }
- fn encode(&self, encoder: &mut der::Encoder<'_>) -> der::Result<()> {
+ fn encode(&self, encoder: &mut impl der::Writer) -> der::Result<()> {
 let len = self.0.encoded_len()?;
 let explicit = Header::new(
 der::Tag::ContextSpecific {
@@ -340,16 +262,20 @@ impl<'a> Encodable for SubjectAltName<'a> {
 }
 #[derive(Clone, Debug, Eq, PartialEq)]
-pub struct Version<'a>(UIntBytes<'a>);
+pub struct Version<'a>(UintRef<'a>);
-impl<'a> Decodable<'a> for Version<'a> {
- fn decode(decoder: &mut Decoder<'a>) -> der::Result {
- let res = decoder.any()?;
- Ok(Self(UIntBytes::from_der(res.value())?))
+impl<'a> Decode<'a> for Version<'a> {
+ fn decode>(decoder: &mut R) -> der::Result {
+ // let res = decoder.any()?;
+ let v = decoder
+ .context_specific(TagNumber::new(0), TagMode::Explicit)?
+ .ok_or(der::Error::new(ErrorKind::Failed, decoder.position()))?;
+ // let v = decoder.decode()?;
+ Ok(Self(v))
 }
 }
-impl<'a> Encodable for Version<'a> {
+impl<'a> Encode for Version<'a> {
 fn encoded_len(&self) -> der::Result {
 let len = self.0.encoded_len()?;
 let explicit = Header::new(
@@ -362,7 +288,7 @@ impl<'a> Encodable for Version<'a> {
 explicit.encoded_len() + len
 }
- fn encode(&self, encoder: &mut der::Encoder<'_>) -> der::Result<()> {
+ fn encode(&self, encoder: &mut impl der::Writer) -> der::Result<()> {
 let len = self.0.encoded_len()?;
 let explicit = Header::new(
 der::Tag::ContextSpecific {
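Review bot: `Version::decode` keeps two commented-out statements, `// let res = decoder.any()?;` and `// let v = decoder.decode()?;`, and `UniqueIdentifier::decode` later in this file carries two more (`// let id = decoder.decode()?;`, `// let uid = BitStringRef::from_der(res.value())?;`); commented-out code should be deleted rather than merged. Separately, when the `[0]` tag is absent the new code fails with the generic `ErrorKind::Failed`, although the struct comment in this file says `version [0] EXPLICIT Version DEFAULT v1`, so a v1 certificate with no version field is rejected outright. If only v3 input is expected, a comment such as `// DEFAULT v1 is not supported: a missing [0] version is an error here` makes that explicit, and an error kind naming the unexpected tag would tell a caller more than `Failed`.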
@@ -394,40 +320,17 @@ impl<'a> Choice<'a> for Version<'a> {
 }
 }
-#[derive(Clone, Copy, Debug, Eq, PartialEq)]
+#[derive(Clone, Copy, Debug, Eq, PartialEq, Sequence)]
 pub struct AlgorithmIdentifier<'a> {
 pub algorithm: ObjectIdentifier,
- pub parameters: Option>,
-}
-
-impl<'a> Decodable<'a> for AlgorithmIdentifier<'a> {
- fn decode(decoder: &mut Decoder<'a>) -> der::Result {
- decoder.sequence(|decoder| {
- let algorithm = decoder.decode()?;
- let parameters = decoder.decode()?;
-
- Ok(Self {
- algorithm,
- parameters,
- })
- })
- }
-}
-
-impl<'a> Sequence<'a> for AlgorithmIdentifier<'a> {
- fn fields(&self, field_encoder: F) -> der::Result
- where
- F: FnOnce(&[&dyn Encodable]) -> der::Result,
- {
- field_encoder(&[&self.algorithm, &self.parameters])
- }
+ pub parameters: Option>,
 }
 #[allow(non_snake_case)]
-#[derive(Clone, Copy, Debug, Eq, PartialEq, PartialOrd, Ord)]
+#[derive(Clone, Copy, Debug, Eq, PartialEq, PartialOrd, Ord, Sequence)]
 pub struct DistinguishedName<'a> {
 pub(crate) attribute_type: ObjectIdentifier,
- pub(crate) value: Any<'a>,
+ pub(crate) value: AnyRef<'a>,
 }
 impl<'a> DerOrd for DistinguishedName<'a> {
@@ -436,29 +339,6 @@ impl<'a> DerOrd for DistinguishedName<'a> {
 }
 }
-impl<'a> Decodable<'a> for DistinguishedName<'a> {
- fn decode(decoder: &mut Decoder<'a>) -> der::Result {
- decoder.sequence(|decoder| {
- let attribute_type = decoder.decode()?;
- let value = decoder.decode()?;
-
- Ok(Self {
- attribute_type,
- value,
- })
- })
- }
-}
-
-impl<'a> Sequence<'a> for DistinguishedName<'a> {
- fn fields(&self, field_encoder: F) -> der::Result
- where
- F: FnOnce(&[&dyn Encodable]) -> der::Result,
- {
- field_encoder(&[&self.attribute_type, &self.value])
- }
-}
-
 #[derive(Choice, Copy, Clone, Debug, Eq, PartialEq)]
 pub enum Time {
 #[asn1(type = "UTCTime")]
@@ -479,77 +359,33 @@ impl From for Time {
 }
 }
-#[derive(Clone, Debug, Eq, PartialEq)]
+#[derive(Clone, Debug, Eq, PartialEq, Sequence)]
 pub struct Validity {
 not_before: Time,
 not_after: Time,
 }
-impl Decodable<'_> for Validity {
- fn decode(decoder: &mut Decoder) -> der::Result {
- decoder.sequence(|decoder| {
- let not_before = decoder.decode()?;
- let not_after = decoder.decode()?;
-
- Ok(Self {
- not_before,
- not_after,
- })
- })
- }
-}
-
-impl Sequence<'_> for Validity {
- fn fields(&self, field_encoder: F) -> der::Result
- where
- F: FnOnce(&[&dyn Encodable]) -> der::Result,
- {
- field_encoder(&[&self.not_before, &self.not_after])
- }
-}
-
-#[derive(Clone, Copy, Debug, Eq, PartialEq)]
+#[derive(Clone, Copy, Debug, Eq, PartialEq, Sequence)]
 pub struct SubjectPublicKeyInfo<'a> {
 pub algorithm: AlgorithmIdentifier<'a>,
- pub subject_public_key: BitString<'a>,
-}
-
-#[allow(non_snake_case)]
-impl<'a> Decodable<'a> for SubjectPublicKeyInfo<'a> {
- fn decode(decoder: &mut Decoder<'a>) -> der::Result {
- decoder.sequence(|decoder| {
- let algorithm = decoder.decode()?;
- let subject_public_key = decoder.decode()?;
-
- Ok(Self {
- algorithm,
- subject_public_key,
- })
- })
- }
-}
-
-impl<'a> Sequence<'a> for SubjectPublicKeyInfo<'a> {
- fn fields(&self, field_encoder: F) -> der::Result
- where
- F: FnOnce(&[&dyn Encodable]) -> der::Result,
- {
- field_encoder(&[&self.algorithm, &self.subject_public_key])
- }
+ pub subject_public_key: BitStringRef<'a>,
 }
 #[derive(Clone)]
-pub struct UniqueIdentifier<'a, const N: u8>(BitString<'a>);
+pub struct UniqueIdentifier<'a, const N: u8>(BitStringRef<'a>);
-impl<'a, const N: u8> Decodable<'a> for UniqueIdentifier<'a, N> {
- fn decode(decoder: &mut Decoder<'a>) -> der::Result {
- let res = decoder.any()?;
- let uid = BitString::from_der(res.value())?;
- Ok(Self(uid))
+impl<'a, const N: u8> Decode<'a> for UniqueIdentifier<'a, N> {
+ fn decode>(decoder: &mut R) -> der::Result {
+ let id = decoder
.context_specific(TagNumber::new(N), TagMode::Explicit)?
+ .ok_or(der::Error::new(ErrorKind::Failed, decoder.position()))?;
+ // let id = decoder.decode()?;
+ // let uid = BitStringRef::from_der(res.value())?;
+ Ok(Self(id))
 }
 }
-impl<'a, const N: u8> Encodable for UniqueIdentifier<'a, N> {
+impl<'a, const N: u8> Encode for UniqueIdentifier<'a, N> {
 fn encoded_len(&self) -> der::Result {
 let len = self.0.encoded_len()?;
 let explicit = Header::new(
@@ -562,7 +398,7 @@ impl<'a, const N: u8> Encodable for UniqueIdentifier<'a, N> {
 explicit.encoded_len() + len
 }
- fn encode(&self, encoder: &mut der::Encoder<'_>) -> der::Result<()> {
+ fn encode(&self, encoder: &mut impl der::Writer) -> der::Result<()> {
 let len = self.0.encoded_len()?;
 let explicit = Header::new(
 Tag::ContextSpecific {
@@ -603,14 +439,16 @@ impl<'a> Extensions<'a> {
 }
 }
-impl<'a> Decodable<'a> for Extensions<'a> {
- fn decode(decoder: &mut Decoder<'a>) -> der::Result {
- let res = decoder.any()?;
- Ok(Self(alloc::vec::Vec::from_der(res.value())?))
+impl<'a> Decode<'a> for Extensions<'a> {
+ fn decode>(decoder: &mut R) -> der::Result {
+ let ext = decoder
+ .context_specific(TagNumber::new(3), TagMode::Explicit)?
+ .ok_or(der::Error::new(ErrorKind::Failed, decoder.position()))?;
+ Ok(Self(ext))
 }
 }
-impl<'a> Encodable for Extensions<'a> {
+impl<'a> Encode for Extensions<'a> {
 fn encoded_len(&self) -> der::Result {
 let len = self.0.encoded_len()?;
 let explicit = Header::new(
@@ -623,7 +461,7 @@ impl<'a> Encodable for Extensions<'a> {
 explicit.encoded_len() + len
 }
- fn encode(&self, encoder: &mut der::Encoder<'_>) -> der::Result<()> {
+ fn encode(&self, enco​der: &mut impl der::Writer) -> der::Result<()> {
 let len = self.0.encoded_len()?;
 let explicit = Header::new(
 Tag::ContextSpecific {
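Review bot: `UniqueIdentifier::decode` reads the field with `TagMode::Explicit`, but RFC 5280 defines `issuerUniqueID [1] IMPLICIT UniqueIdentifier` and `subjectUniqueID [2] IMPLICIT UniqueIdentifier`; the `encoded_len`/`encode` pair below builds the matching explicit header, so certificates produced by this crate round-trip, yet a standards-encoded unique id from another issuer will not parse and this crate's output would be rejected by a strict verifier. If these fields are never expected on the wire here, a comment on the impl should say so, e.g. `// NOTE: tagged EXPLICIT for symmetry with encode(); RFC 5280 specifies IMPLICIT, so this only round-trips with this crate`; otherwise `TagMode::Implicit` on the decode side and an implicit header on the encode side are the conformant choice. `Extensions::decode` in the later hunk is fine as written, since `[3]` is EXPLICIT in RFC 5280. The `decode` function's first line is in the previous chunk.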
@@ -655,11 +493,11 @@ impl<'a> Choice<'a> for Extensions<'a> {
 }
 }
-#[derive(Clone, Copy, Debug, Eq, PartialEq)]
+#[derive(Clone, Copy, Debug, Eq, PartialEq, Sequence)]
 pub struct Extension<'a> {
 pub extn_id: ObjectIdentifier,
 pub critical: Option, // ASN.1 BOOLEAN.
- pub extn_value: Option>,
+ pub extn_value: Option>,
 }
 impl<'a> Extension<'a> {
@@ -669,7 +507,7 @@ impl<'a> Extension<'a> {
 extn_value: Option<&'a [u8]>,
 ) -> Result {
 let extn_value = if let Some(extn_value) = extn_value {
- Some(OctetString::new(extn_value)?)
+ Some(OctetStringRef::new(extn_value)?)
 } else {
 None
 };
@@ -682,29 +520,4 @@ impl<'a> Extension<'a> {
 }
 }
-impl<'a> Decodable<'a> for Extension<'a> {
- fn decode(decoder: &mut Decoder<'a>) -> der::Result {
- decoder.sequence(|decoder| {
- let extn_id = decoder.decode()?;
- let critical = decoder.decode()?;
- let extn_value = decoder.decode()?;
-
- Ok(Self {
- extn_id,
- critical,
- extn_value,
- })
- })
- }
-}
-
-impl<'a> Sequence<'a> for Extension<'a> {
- fn fields(&self, field_encoder: F) -> der::Result
- where
- F: FnOnce(&[&dyn Encodable]) -> der::Result,
- {
- field_encoder(&[&self.extn_id, &self.critical, &self.extn_value])
- }
-}
-
 pub type ExtendedKeyUsage = alloc::vec::Vec;
diff --git a/src/vtpmtd/Cargo.toml b/src/vtpmtd/Cargo.toml
index 21a531f..5358da4 100644
--- a/src/vtpmtd/Cargo.toml
+++ b/src/vtpmtd/Cargo.toml
@@ -18,7 +18,7 @@ anyhow = { version = "1.0.68", default-features = false }
 sha2 = { version = "0.10.6", default-features = false, features = ["force-soft"]}
 paste = "1.0"
 bytes = { version="1", default-features=false }
-der = {version = "0.5.1", features = ["oid", "alloc", "derive"]}
+der = {version = "0.7.9", features = ["oid", "alloc", "derive"]}
 eventlog = { path = "../eventlog" }
 linked_list_allocator = "0.10.2"
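Review bot: `pub critical: Option, // ASN.1 BOOLEAN.` (presumably `Option<bool>`) lets a caller set `Some(false)`, and the derived `Sequence` will then emit an explicit FALSE although RFC 5280 declares `critical BOOLEAN DEFAULT FALSE` and DER requires DEFAULT-valued components to be omitted; nothing in the visible hunks normalises that case. `Extension::new`'s parameter list starts outside its hunk, so whether it maps `false` to `None` cannot be seen here; if it does not, either do so there or extend the field comment to `// ASN.1 BOOLEAN DEFAULT FALSE: use None rather than Some(false) to stay DER-canonical.` A plain `bool` field with the der derive's `#[asn1(default = "…")]` attribute would make the encoder enforce the rule instead of relying on callers.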