From 0b1f5fe16c924b3cc1e28bb34e83ae1672b3fa20 Mon Sep 17 00:00:00 2001
From: Carl Wallace
Date: Thu, 12 Sep 2024 10:16:29 -0400
Subject: [PATCH 1/3] add a few missing feature gates to tests. add rsa feature to Cargo.toml for limbo. add rsa feature to pittv3 doc.
---
 pittv3/Cargo.toml | 1 +
 pittv3/README.md | 1 +
 pittv3/tests/pitt3_std_app.rs | 6 +++---
 support/x509-limbo-tests/Cargo.toml | 2 +-
 4 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/pittv3/Cargo.toml b/pittv3/Cargo.toml
index 0797c32..e66e9a1 100644
--- a/pittv3/Cargo.toml
+++ b/pittv3/Cargo.toml
@@ -82,6 +82,7 @@ remote = ["certval/remote", "revocation", "std"]
 pqc = ["pqcrypto-internals", "pqcrypto-dilithium", "pqcrypto-falcon", "pqcrypto-sphincsplus", "pqcrypto", "pqcrypto-traits", "certval/pqc"]
 webpki = ["certval/webpki"]
 sha1_sig = ["rsa"]
+rsa = ["certval/rsa", "dep:rsa"]
 [package.metadata.docs.rs]
 all-features = true
diff --git a/pittv3/README.md b/pittv3/README.md
index fcc241e..0e2b703 100644
--- a/pittv3/README.md
+++ b/pittv3/README.md
@@ -98,6 +98,7 @@ The seven feature gates shared with certval enable varying levels of support and
 expressed in CRL DP extensions, and for interacting with OCSP responders via URIs expressed in AIA extensions.
 - `pqc` adds support for dilithium, falcon and sphincsplus using algorithm implementations from the [pqcrypto](https://github.com/rustpq/pqcrypto) project and object identifiers from the [IETF 115 PQC hackathon](https://github.com/IETF-Hackathon/pqc-certificates).
 - `webpki` adds support for instantiating TaSource instances using trust anchors from the [webpki-roots](https://crates.io/crates/webpki-roots) crate
+- `rsa` enables use of the RSA algorithm. RSA support is not enabled by default presently.
 The one additional feature gate is `std_app`, which builds certval as `default-features = false` but builds pittv3 with std support so that end entity files can be selected for validation (additional
diff --git a/pittv3/tests/pitt3_std_app.rs b/pittv3/tests/pitt3_std_app.rs
index 626f60a..099c88e 100644
--- a/pittv3/tests/pitt3_std_app.rs
+++ b/pittv3/tests/pitt3_std_app.rs
@@ -1,4 +1,4 @@
-#![cfg(not(feature = "std"))]
+#![cfg(all(not(feature = "std"), feature = "rsa"))]
 use assert_cmd::prelude::*;
 use std::process::Command;
@@ -6,7 +6,7 @@ use std::process::Command;
 #[cfg(feature = "std_app")]
 use predicates::prelude::*;
-#[cfg(all(feature = "std_app", not(feature = "revocation")))]
+#[cfg(all(feature = "std_app", feature = "rsa", not(feature = "revocation")))]
 #[test]
 fn generate_then_validate_one_std_app() -> Result<(), Box> {
 {
@@ -17,7 +17,7 @@ fn generate_then_validate_one_std_app() -> Result<(), Box
 }
 Ok(())
 }
-#[cfg(all(feature = "std_app", feature = "revocation"))]
+#[cfg(all(feature = "std_app", feature = "rsa", feature = "revocation"))]
 #[test]
 fn generate_then_validate_one_std_app() -> Result<(), Box> {
 {
diff --git a/support/x509-limbo-tests/Cargo.toml b/support/x509-limbo-tests/Cargo.toml
index f47551a..847d826 100644
--- a/support/x509-limbo-tests/Cargo.toml
+++ b/support/x509-limbo-tests/Cargo.toml
@@ -10,7 +10,7 @@ limbo-harness-support = { path = "../x509-limbo/harness-support/rust" }
 chrono = "0.4.38"
 pem = "3.0.4"
 serde_json = "1.0.116"
-certval = { path = "../../certval" }
+certval = { path = "../../certval", features = ["rsa"] }
 x509-cert = { version = "0.3.0-pre", features = ["hazmat"] }
 rayon = "1.10.0"
 cidr = "0.2.2"
From ee0a196398fc0b0cda62499898cd422852275734 Mon Sep 17 00:00:00 2001
From: Carl Wallace
Date: Thu, 12 Sep 2024 10:26:54 -0400
Subject: [PATCH 2/3] add ed25519-dalek to limbo Cargo.toml
---
 support/x509-limbo-tests/Cargo.lock | 216 +++++++++++++++++-----------
 support/x509-limbo-tests/Cargo.toml | 4 +
 2 files changed, 133 insertions(+), 87 deletions(-)
diff --git a/support/x509-limbo-tests/Cargo.lock b/support/x509-limbo-tests/Cargo.lock
index 53dd7f1..16827ba 100644
--- a/support/x509-limbo-tests/Cargo.lock
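Review bot: In pittv3/tests/pitt3_std_app.rs the crate-level `#![cfg(all(not(feature = "std"), feature = "rsa"))]` from the first hunk already requires `rsa`, so the `feature = "rsa"` added to the two per-test `#[cfg(all(...))]` attributes in the second and third hunks is redundant; one place should carry the requirement. Since the README change in this series says RSA is not enabled by default, the file now compiles to nothing unless `rsa` is requested, and the generate-then-validate test can stop running without any failure being reported. I would add a comment above the crate-level attribute, `// Built only when rsa is enabled and std is not; otherwise this file contributes no tests.`, and confirm that the CI invocation (not visible in this patch) passes `rsa` together with `std_app`. Both test bodies continue outside the hunks.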
+++ b/support/x509-limbo-tests/Cargo.lock @@ -174,12 +174,14 @@ dependencies = [ "const-oid", "der", "ecdsa", + "ed25519-dalek", "flagset", "lazy_static", "log", "ndarray", "p256", "p384", + "p521", "pem-rfc7468", "pkiprocmacros", "readonly", @@ -192,7 +194,6 @@ dependencies = [ "sha2", "spki", "subtle-encoding", - "tokio", "url", "walkdir", "webpki-roots", @@ -346,7 +347,34 @@ version = "0.2.0-rc.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8c070b79a496dccd931229780ad5bbedd535ceff6c3565605a8e440e18e1aa2b" dependencies = [ + "getrandom", "hybrid-array", + "rand_core", +] + +[[package]] +name = "curve25519-dalek" +version = "4.1.3" +source = "git+https://github.com/dalek-cryptography/curve25519-dalek.git?branch=rustcrypto-new-releases#44508ba8652ae3445608ad3c56b63ef528ddfb93" +dependencies = [ + "cfg-if", + "cpufeatures", + "curve25519-dalek-derive", + "digest", + "fiat-crypto", + "rustc_version", + "subtle", + "zeroize", +] + +[[package]] +name = "curve25519-dalek-derive" +version = "0.1.1" +source = "git+https://github.com/dalek-cryptography/curve25519-dalek.git?branch=rustcrypto-new-releases#44508ba8652ae3445608ad3c56b63ef528ddfb93" +dependencies = [ + "proc-macro2", + "quote", + "syn", ] [[package]] @@ -404,6 +432,29 @@ dependencies = [ "signature", ] +[[package]] +name = "ed25519" +version = "2.3.0-pre.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "62bcc0730fbd27c8619332efad3dfa1de229dc5859a31495ab674e0ac0f9996b" +dependencies = [ + "pkcs8", + "signature", +] + +[[package]] +name = "ed25519-dalek" +version = "2.2.0-pre" +source = "git+https://github.com/dalek-cryptography/curve25519-dalek.git?branch=rustcrypto-new-releases#44508ba8652ae3445608ad3c56b63ef528ddfb93" +dependencies = [ + "curve25519-dalek", + "ed25519", + "serde", + "sha2", + "subtle", + "zeroize", +] + [[package]] name = "either" version = "1.13.0" 
@@ -469,6 +520,12 @@ dependencies = [ "subtle", ] +[[package]] +name = "fiat-crypto" +version = "0.2.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d" + [[package]] name = "flagset" version = "0.4.6" @@ -562,6 +619,17 @@ dependencies = [ "slab", ] +[[package]] +name = "getrandom" +version = "0.2.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7" +dependencies = [ + "cfg-if", + "libc", + "wasi", +] + [[package]] name = "gimli" version = "0.29.0" @@ -620,9 +688,9 @@ dependencies = [ [[package]] name = "heck" -version = "0.4.1" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8" +checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" [[package]] name = "hermit-abi" @@ -810,7 +878,7 @@ name = "limbo-harness-support" version = "0.1.0" dependencies = [ "chrono", - "regress 0.9.1", + "regress 0.10.1", "serde", "serde_json", "typify", @@ -822,16 +890,6 @@ version = "0.4.14" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89" -[[package]] -name = "lock_api" -version = "0.4.12" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "07af8b9cdd281b7915f413fa73f29ebd5d55d0d3f0155584dade1ff18cea1b17" -dependencies = [ - "autocfg", - "scopeguard", -] - [[package]] name = "log" version = "0.4.22" 
@@ -1051,26 +1109,17 @@ dependencies = [ ] [[package]] -name = "parking_lot" -version = "0.12.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1bf18183cf54e8d6059647fc3063646a1801cf30896933ec2311622cc4b9a27" -dependencies = [ - "lock_api", - "parking_lot_core", -] - -[[package]] -name = "parking_lot_core" -version = "0.9.10" +name = "p521" +version = "0.14.0-pre.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1e401f977ab385c9e4e3ab30627d6f26d00e2c73eef317493c4ec6d468726cf8" +checksum = "9ec5d919bea930a34a522bb1c95a89f559925deab255db2c2ffa174fc48df664" dependencies = [ - "cfg-if", - "libc", - "redox_syscall", - "smallvec", - "windows-targets 0.52.6", + "base16ct", + "ecdsa", + "elliptic-curve", + "primefield", + "primeorder", + "sha2", ] [[package]] @@ -1155,6 +1204,12 @@ dependencies = [ "zerocopy 0.6.6", ] +[[package]] +name = "primefield" +version = "0.14.0-pre.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3f2ce0fa9cccdaf216230d151ce51a15298aef50ad76081a830128ecbc6428a" + [[package]] name = "primeorder" version = "0.14.0-pre.1" @@ -1213,6 +1268,9 @@ name = "rand_core" version = "0.6.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" +dependencies = [ + "getrandom", +] [[package]] name = "rawpointer" @@ -1251,15 +1309,6 @@ dependencies = [ "syn", ] -[[package]] -name = "redox_syscall" -version = "0.5.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2a908a6e00f1fdd0dfd9c0eb08ce85126f6d8bbda50017e74bc4a4b7d4a926a4" -dependencies = [ - "bitflags 2.6.0", -] - [[package]] name = "regex" version = "1.10.5" 
@@ -1291,9 +1340,9 @@ checksum = "7a66a03ae7c801facd77a29370b4faec201768915ac14a721ba36f20bc9c209b" [[package]] name = "regress" -version = "0.8.0" +version = "0.9.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4f5f39ba4513916c1b2657b72af6ec671f091cd637992f58d0ede5cae4e5dea0" +checksum = "0eae2a1ebfecc58aff952ef8ccd364329abe627762f5bf09ff42eb9d98522479" dependencies = [ "hashbrown", "memchr", @@ -1301,9 +1350,9 @@ dependencies = [ [[package]] name = "regress" -version = "0.9.1" +version = "0.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0eae2a1ebfecc58aff952ef8ccd364329abe627762f5bf09ff42eb9d98522479" +checksum = "1541daf4e4ed43a0922b7969bdc2170178bcacc5dabf7e39bc508a9fa3953a7a" dependencies = [ "hashbrown", "memchr", @@ -1386,6 +1435,7 @@ dependencies = [ "certval", "chrono", "cidr", + "ed25519-dalek", "limbo-harness-support", "pem", "rayon", @@ -1399,6 +1449,15 @@ version = "0.1.24" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f" +[[package]] +name = "rustc_version" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cfcb3a22ef46e85b45de6ee7e79d063319ebb6594faafcf1c225ea92ab6e9b92" +dependencies = [ + "semver", +] + [[package]] name = "rustix" version = "0.38.34" @@ -1469,12 +1528,6 @@ dependencies = [ "syn", ] -[[package]] -name = "scopeguard" -version = "1.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" - [[package]] name = "sec1" version = "0.8.0-rc.0" 
@@ -1511,20 +1564,29 @@ dependencies = [ "libc", ] +[[package]] +name = "semver" +version = "1.0.23" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" +dependencies = [ + "serde", +] + [[package]] name = "serde" -version = "1.0.204" +version = "1.0.210" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bc76f558e0cbb2a839d37354c575f1dc3fdc6546b5be373ba43d95f231bf7c12" +checksum = "c8e3592472072e6e22e0a54d5904d9febf8508f65fb8552499a1abc7d1078c3a" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.204" +version = "1.0.210" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e0cd7e117be63d3c3678776753929474f3b04a43a080c744d6b0ae2a8c28e222" +checksum = "243902eda00fad750862fc144cea25caca5e20d615af0a81bee94ca738f1df1f" dependencies = [ "proc-macro2", "quote", @@ -1544,9 +1606,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.121" +version = "1.0.128" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4ab380d7d9f22ef3f21ad3e6c1ebe8e4fc7a2000ccba2e4d71fc96f15b2cb609" +checksum = "6ff5456707a1de34e7e37f2a6fd3d3f808c318259cbd01ab6377795054b483d8" dependencies = [ "itoa", "memchr", @@ -1600,15 +1662,6 @@ dependencies = [ "digest", ] -[[package]] -name = "signal-hook-registry" -version = "1.4.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a9e9e0b4211b72e7b8b6e85c807d36c212bdb33ea8587f7569562a84df5465b1" -dependencies = [ - "libc", -] - [[package]] name = "signature" version = "2.3.0-pre.4" 
@@ -1794,25 +1847,11 @@ dependencies = [ "bytes", "libc", "mio", - "parking_lot", "pin-project-lite", - "signal-hook-registry", "socket2", - "tokio-macros", "windows-sys 0.52.0", ] -[[package]] -name = "tokio-macros" -version = "2.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "693d596312e88961bc67d7f1f97af8a70227d9f90c31bba5806eec004978d752" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - [[package]] name = "tokio-native-tls" version = "0.3.1" @@ -1875,9 +1914,9 @@ checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" [[package]] name = "typify" -version = "0.0.16" +version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c61e9db210bbff218e6535c664b37ec47da449169b98e7866d0580d0db75529" +checksum = "adb6beec125971dda80a086f90b4a70f60f222990ce4d63ad0fc140492f53444" dependencies = [ "typify-impl", "typify-macro", @@ -1885,16 +1924,18 @@ dependencies = [ [[package]] name = "typify-impl" -version = "0.0.16" +version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "95e32f38493804f88e2dc7a5412eccd872ea5452b4db9b0a77de4df180f2a87e" +checksum = "93bbb24e990654aff858d80fee8114f4322f7d7a1b1ecb45129e2fcb0d0ad5ae" dependencies = [ "heck", "log", "proc-macro2", "quote", - "regress 0.8.0", + "regress 0.9.1", "schemars", + "semver", + "serde", "serde_json", "syn", "thiserror", @@ -1903,13 +1944,14 @@ dependencies = [ [[package]] name = "typify-macro" -version = "0.0.16" +version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cc09508b72f63d521d68e42c7f172c7416d67986df44b3c7d1f7f9963948ed32" +checksum = "f8e6491896e955692d68361c68db2b263e3bec317ec0b684e0e2fa882fb6e31e" dependencies = [ "proc-macro2", "quote", "schemars", + "semver", "serde", "serde_json", "serde_tokenstream", diff --git a/support/x509-limbo-tests/Cargo.toml b/support/x509-limbo-tests/Cargo.toml index 847d826..a6de51a 100644 
--- a/support/x509-limbo-tests/Cargo.toml
+++ b/support/x509-limbo-tests/Cargo.toml
@@ -15,7 +15,11 @@ x509-cert = { version = "0.3.0-pre", features = ["hazmat"] }
 rayon = "1.10.0"
 cidr = "0.2.2"
+ed25519-dalek = { version = "2.2.0-pre", default-features = false, features = ["fast", "zeroize", "pkcs8"] }
+
 [patch.crates-io]
 cms = { git = "https://github.com/RustCrypto/formats.git" }
 x509-ocsp = { git = "https://github.com/RustCrypto/formats.git" }
 x509-cert = { git = "https://github.com/RustCrypto/formats.git" }
+# FIXME: https://github.com/dalek-cryptography/curve25519-dalek/pull/676
+ed25519-dalek = { git = "https://github.com/dalek-cryptography/curve25519-dalek.git", branch = "rustcrypto-new-releases" }
From f30ddaafe3fe7c230c958ec4de896acedd6c8ae0 Mon Sep 17 00:00:00 2001
From: Carl Wallace
Date: Thu, 12 Sep 2024 10:57:34 -0400
Subject: [PATCH 3/3] account for change to get_paths_for_target error handling
---
 support/x509-limbo-tests/src/main.rs | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/support/x509-limbo-tests/src/main.rs b/support/x509-limbo-tests/src/main.rs
index 765ba87..b5c7db8 100644
--- a/support/x509-limbo-tests/src/main.rs
+++ b/support/x509-limbo-tests/src/main.rs
@@ -420,8 +420,7 @@ fn evaluate_testcase(tc: &Testcase) -> TestcaseResult {
 // find all paths in the graph built above
 let mut paths: Vec = vec![];
- pe.get_paths_for_target(&leaf, &mut paths, 0, time_of_interest)
- .unwrap();
+ let _r = pe.get_paths_for_target(&leaf, &mut paths, 0, time_of_interest);
 let mut observed_status_values = vec![];
 let mut observed_errors = vec![];
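Review bot: The new `[patch.crates-io]` entry for `ed25519-dalek` follows `branch = "rustcrypto-new-releases"`, a moving ref, so the signature code that gets built is fixed only by Cargo.lock. The lockfile in this patch resolves it to 44508ba8652ae3445608ad3c56b63ef528ddfb93; a `cargo update`, or any build where Cargo.lock is absent or regenerated, takes whatever the branch head is at that moment. Replacing `branch = "rustcrypto-new-releases"` with `rev = "44508ba8652ae3445608ad3c56b63ef528ddfb93"` keeps the reviewed commit in place until the FIXME is resolved. The three existing RustCrypto/formats entries above it are unpinned in the same way and could be pinned in the same change.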
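Review bot: In evaluate_testcase, `let _r = pe.get_paths_for_target(...)` discards the `Result`, so a path-building error is no longer distinguishable from a search that simply left `paths` empty. In a conformance harness this can turn an internal failure into what looks like a legitimate verdict for the test case. I would keep the error visible, for example `if let Err(e) = pe.get_paths_for_target(&leaf, &mut paths, 0, time_of_interest) { eprintln!("get_paths_for_target failed: {e:?}"); }` (assuming the error type implements `Debug`), or record it with the other observed errors once the type of `observed_errors` is confirmed. If ignoring the error is intended, a comment on that line saying which errors are expected would make this clear. The function body continues outside the hunk.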