From 88d8e99376013e9071e06ecc62c64774a2e88ea3 Mon Sep 17 00:00:00 2001 From: Zach Halvorsen <zhalvorsen@google.com> Date: Wed, 5 Jun 2024 16:57:32 +0000 Subject: [PATCH] Update the `p384` and `rfc6979` crates. --- Cargo.lock | 225 ++++++--------------------- Cargo.toml | 4 +- sw-emulator/lib/crypto/src/ecc384.rs | 13 +- 3 files changed, 59 insertions(+), 183 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index b84ba751ef..ec8ed09f45 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -133,12 +133,6 @@ version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" -[[package]] -name = "base16ct" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "349a06037c7bf932dd7e7d1f653678b2038b9ad46a74102f1fc7bd7872678cce" - [[package]] name = "base16ct" version = "0.2.0" @@ -555,11 +549,11 @@ dependencies = [ "caliptra-image-types", "caliptra-lms-types", "cfg-if 1.0.0", - "ecdsa 0.16.9", + "ecdsa", "openssl", "p384", "rand", - "sec1 0.7.3", + "sec1", "sha2", "zerocopy", ] @@ -959,9 +953,9 @@ dependencies = [ [[package]] name = "clap" -version = "3.2.23" +version = "3.2.25" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "71655c45cb9845d3270c9d6df84ebe72b4dad3c2ba3f7023ad47c144e4e473a5" +checksum = "4ea181bf566f71cb9a5d17a59e1871af638180a18fb0035c92ae62b705207123" dependencies = [ "bitflags 1.3.2", "clap_lex", @@ -985,8 +979,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7b77c319abfd5219629c45c34c89ba945ed3c5e49fcde9d16b6c3885f118a730" dependencies = [ "const-oid", - "der 0.7.8", - "spki 0.7.3", + "der", + "spki", "x509-cert", ] @@ -1057,18 +1051,6 @@ dependencies = [ "zeroize", ] -[[package]] -name = "crypto-bigint" -version = "0.4.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ef2b4b23cddf68b89b8f8069890e8c270d54e2d5fe1b143820234805e4cb17ef" -dependencies = [ - "generic-array", - "rand_core", - "subtle", - "zeroize", -] - [[package]] name = "crypto-bigint" version = "0.5.5" @@ -1154,17 +1136,6 @@ version = "2.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c2e66c9d817f1720209181c316d28635c050fa304f9c79e47a520882661b7308" -[[package]] -name = "der" -version = "0.6.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1a467a65c5e759bce6e65eaf91cc29f466cdc57cb65777bd646872a8a1fd4de" -dependencies = [ - "const-oid", - "pem-rfc7468 0.6.0", - "zeroize", -] - [[package]] name = "der" version = "0.7.8" @@ -1174,7 +1145,7 @@ dependencies = [ "const-oid", "der_derive", "flagset", - "pem-rfc7468 0.7.0", + "pem-rfc7468", "zeroize", ] @@ -1259,28 +1230,18 @@ dependencies = [ "zeroize", ] -[[package]] -name = "ecdsa" -version = "0.14.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "413301934810f597c1d19ca71c8710e99a3f1ba28a0d2ebc01551a2daeea3c5c" -dependencies = [ - "der 0.6.1", - "elliptic-curve 0.12.3", - "rfc6979", - "signature 1.6.4", -] - [[package]] name = "ecdsa" version = "0.16.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca" dependencies = [ - "der 0.7.8", + "der", "digest", - "elliptic-curve 0.13.8", - "signature 2.2.0", + "elliptic-curve", + "rfc6979", + "signature", + "spki", ] [[package]] @@ -1289,44 +1250,23 @@ version = "0.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e2b183d6ce6ca4cf30e3db37abf5b52568b5f9015c97d9fbdd7026aa5dcdd758" -[[package]] -name = "elliptic-curve" -version = "0.12.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e7bb888ab5300a19b8e5bceef25ac745ad065f3c9f7efc6de1b91958110891d3" -dependencies = [ - "base16ct 0.1.1", - "crypto-bigint 0.4.9", - "der 0.6.1", - "digest", - "ff 0.12.1", - "generic-array", - "group 0.12.1", - "hkdf", - "pem-rfc7468 0.6.0", - "pkcs8 0.9.0", - "rand_core", - "sec1 0.3.0", - "subtle", - "zeroize", -] - [[package]] name = "elliptic-curve" version = "0.13.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47" dependencies = [ - "base16ct 0.2.0", - "crypto-bigint 0.5.5", + "base16ct", + "crypto-bigint", "digest", - "ff 0.13.0", + "ff", "generic-array", - "group 0.13.0", - "pem-rfc7468 0.7.0", - "pkcs8 0.10.2", + "group", + "hkdf", + "pem-rfc7468", + "pkcs8", "rand_core", - "sec1 0.7.3", + "sec1", "subtle", "zeroize", ] @@ -1350,16 +1290,6 @@ dependencies = [ "instant", ] -[[package]] -name = "ff" -version = "0.12.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d013fc25338cc558c5c2cfbad646908fb23591e2404481826742b651c9af7160" -dependencies = [ - "rand_core", - "subtle", -] - [[package]] name = "ff" version = "0.13.0" @@ -1524,24 +1454,13 @@ dependencies = [ "wasi", ] -[[package]] -name = "group" -version = "0.12.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5dfbfb3a6cfbd390d5c9564ab283a0349b9b9fcd46a706c1eb10e0db70bfbac7" -dependencies = [ - "ff 0.12.1", - "rand_core", - "subtle", -] - [[package]] name = "group" version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63" dependencies = [ - "ff 0.13.0", + "ff", "rand_core", "subtle", ] @@ -1890,18 +1809,19 @@ dependencies = [ [[package]] name = "os_str_bytes" -version = "6.5.0" +version = "6.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ceedf44fb00f2d1984b0bc98102627ce622e083e49a5bacdb3e514fa4238e267" +checksum = "e2355d85b9a3786f481747ced0e0ff2ba35213a1f9bd406ed906554d7af805a1" [[package]] name = "p384" -version = "0.11.2" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dfc8c5bf642dde52bb9e87c0ecd8ca5a76faac2eeed98dedb7c717997e1080aa" +checksum = "70786f51bcc69f6a4c0360e063a4cac5419ef7c5cd5b3c99ad70f3be5ba79209" dependencies = [ - "ecdsa 0.14.8", - "elliptic-curve 0.12.3", + "ecdsa", + "elliptic-curve", + "primeorder", "sha2", ] @@ -1934,15 +1854,6 @@ version = "1.0.12" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9f746c4065a8fa3fe23974dd82f15431cc8d40779821001404d10d2e79ca7d79" -[[package]] -name = "pem-rfc7468" -version = "0.6.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "24d159833a9105500e0398934e205e0773f0b27529557134ecfc51c27646adac" -dependencies = [ - "base64ct", -] - [[package]] name = "pem-rfc7468" version = "0.7.0" @@ -1964,24 +1875,14 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" -[[package]] -name = "pkcs8" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9eca2c590a5f85da82668fa685c09ce2888b9430e83299debf1f34b65fd4a4ba" -dependencies = [ - "der 0.6.1", - "spki 0.6.0", -] - [[package]] name = "pkcs8" version = "0.10.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7" dependencies = [ - "der 0.7.8", - "spki 0.7.3", + "der", + "spki", ] [[package]] @@ -2005,6 +1906,15 @@ version = "0.2.17" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" +[[package]] +name = "primeorder" +version = "0.13.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "353e1ca18966c16d9deb1c69278edbc5f194139612772bd9537af60ac231e1e6" +dependencies = [ + "elliptic-curve", +] + [[package]] name = "proc-macro2" version = "1.0.78" @@ -2093,13 +2003,12 @@ checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f" [[package]] name = "rfc6979" -version = "0.3.1" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7743f17af12fa0b03b803ba12cd6a8d9483a587e89c69445e3909655c0b9fabb" +checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2" dependencies = [ - "crypto-bigint 0.4.9", "hmac", - "zeroize", + "subtle", ] [[package]] @@ -2143,30 +2052,16 @@ version = "1.0.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1792db035ce95be60c3f8853017b3999209281c24e2ba5bc8e59bf97a0c590c1" -[[package]] -name = "sec1" -version = "0.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3be24c1842290c45df0a7bf069e0c268a747ad05a192f2fd7dcfdbc1cba40928" -dependencies = [ - "base16ct 0.1.1", - "der 0.6.1", - "generic-array", - "pkcs8 0.9.0", - "subtle", - "zeroize", -] - [[package]] name = "sec1" version = "0.7.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d3e97a565f76233a6003f9f5c54be1d9c5bdfa3eccfb189469f11ec4901c47dc" dependencies = [ - "base16ct 0.2.0", - "der 0.7.8", + "base16ct", + "der", "generic-array", - "pkcs8 0.10.2", + "pkcs8", "subtle", "zeroize", ] @@ -2257,16 +2152,6 @@ dependencies = [ "keccak", ] -[[package]] -name = "signature" -version = "1.6.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "74233d3b3b2f6d4b006dc19dee745e73e2a6bfb6f93607cd3b02bd5b00797d7c" -dependencies = [ - "digest", - "rand_core", -] - [[package]] name = "signature" version = "2.2.0" @@ -2312,16 +2197,6 @@ dependencies = [ "syn 1.0.109", ] -[[package]] -name = "spki" -version = "0.6.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "67cf02bbac7a337dc36e4f5a693db6c21e7863f45070f7064577eb4367a3212b" -dependencies = [ - "base64ct", - "der 0.6.1", -] - [[package]] name = "spki" version = "0.7.3" @@ -2329,7 +2204,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d" dependencies = [ "base64ct", - "der 0.7.8", + "der", ] [[package]] @@ -2402,9 +2277,9 @@ dependencies = [ [[package]] name = "textwrap" -version = "0.16.0" +version = "0.16.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "222a222a5bfe1bba4a77b45ec488a741b3cb8872e5e499451fd7d0129c9c7c3d" +checksum = "23d434d3f8967a09480fb04132ebe0a3e088c173e6d0ee7897abbdf4eab0f8b9" [[package]] name = "thiserror" @@ -2955,8 +2830,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1301e935010a701ae5f8655edc0ad17c44bad3ac5ce8c39185f75453b720ae94" dependencies = [ "const-oid", - "der 0.7.8", - "spki 0.7.3", + "der", + "spki", ] [[package]] diff --git a/Cargo.toml b/Cargo.toml index 87ab14e815..7f25fea2bc 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -151,11 +151,11 @@ libusb1-sys = "0.6.4" memoffset = "0.8.0" once_cell = "1.13" openssl = { version = "0.10", features = ["vendored"] } -p384 = "0.11.2" +p384 = "0.13.0" proc-macro2 = "1.0.66" quote = "1.0" rand = "0.8" -rfc6979 = "0.3.0" +rfc6979 = "0.4.0" rusb = "0.9.3" serde = "1.0" serde_derive = "1.0.136" diff --git a/sw-emulator/lib/crypto/src/ecc384.rs b/sw-emulator/lib/crypto/src/ecc384.rs index 20dd13170b..6736ba6cbb 100644 --- a/sw-emulator/lib/crypto/src/ecc384.rs +++ b/sw-emulator/lib/crypto/src/ecc384.rs @@ -106,8 +106,8 @@ impl From<Signature> for Ecc384Signature { /// Converts to this type from the input type. fn from(ecc_sig: Signature) -> Self { let mut sig = Self::default(); - sig.r.copy_from_slice(ecc_sig.r().to_be_bytes().as_slice()); - sig.s.copy_from_slice(ecc_sig.s().to_be_bytes().as_slice()); + sig.r.copy_from_slice(ecc_sig.r().to_bytes().as_slice()); + sig.s.copy_from_slice(ecc_sig.s().to_bytes().as_slice()); sig } } @@ -162,7 +162,7 @@ impl Ecc384 { let mut drbg = HmacDrbg::<Sha384>::new(&seed_reversed, &nonce_reversed, &[]); drbg.fill_bytes(&mut priv_key); - let signing_key = SigningKey::from_bytes(&priv_key).unwrap(); + let signing_key = SigningKey::from_slice(&priv_key).unwrap(); let verifying_key = signing_key.verifying_key(); let ecc_point = verifying_key.to_encoded_point(false); @@ -193,8 +193,8 @@ impl Ecc384 { priv_key_reversed.to_little_endian(); hash_reversed.to_little_endian(); - let signing_key = SigningKey::from_bytes(&priv_key_reversed).unwrap(); - let ecc_sig = signing_key.sign_prehash(&hash_reversed).unwrap(); + let signing_key = SigningKey::from_slice(&priv_key_reversed).unwrap(); + let ecc_sig: Signature = signing_key.sign_prehash(&hash_reversed).unwrap(); let mut signature: Ecc384Signature = ecc_sig.into(); @@ -233,7 +233,8 @@ impl Ecc384 { signature_reversed.s.to_little_endian(); let verifying_key = VerifyingKey::from_encoded_point(&pub_key_reversed.into()).unwrap(); - let result = verifying_key.verify_prehash(&hash_reversed, &signature_reversed.into()); + let result = + verifying_key.verify_prehash(&hash_reversed, &Signature::from(signature_reversed)); if result.is_ok() { signature.r } else {