Update for new version of der and friends.
Test: m rust
Change-Id: Ib64bf6482dc58a942cb0733cfdbf0bb0c1c86480
diff --git a/libs/bssl/tests/eckey_test.rs b/libs/bssl/tests/eckey_test.rs
index 9c7eb4f..3c0e45d 100644
--- a/libs/bssl/tests/eckey_test.rs
+++ b/libs/bssl/tests/eckey_test.rs
@@ -15,8 +15,8 @@
use bssl_avf::{sha256, ApiName, Digester, EcKey, EcdsaError, Error, PKey, Result};
use coset::CborSerializable;
use spki::{
- der::{AnyRef, Decode},
- AlgorithmIdentifier, ObjectIdentifier, SubjectPublicKeyInfo,
+ der::{AnyRef, Decode, Encode},
+ AlgorithmIdentifier, ObjectIdentifier, SubjectPublicKeyInfoRef,
};
/// OID value for general-use NIST EC keys held in PKCS#8 and X.509; see RFC 5480 s2.1.1.
@@ -46,13 +46,14 @@
let pkey: PKey = ec_key.try_into()?;
let subject_public_key_info = pkey.subject_public_key_info()?;
- let subject_public_key_info = SubjectPublicKeyInfo::from_der(&subject_public_key_info).unwrap();
+ let subject_public_key_info =
+ SubjectPublicKeyInfoRef::from_der(&subject_public_key_info).unwrap();
let expected_algorithm = AlgorithmIdentifier {
oid: X509_NIST_OID,
parameters: Some(AnyRef::from(&ALGO_PARAM_P256_OID)),
};
assert_eq!(expected_algorithm, subject_public_key_info.algorithm);
- assert!(!subject_public_key_info.subject_public_key.to_vec().is_empty());
+ assert!(!subject_public_key_info.subject_public_key.to_der().unwrap().is_empty());
Ok(())
}
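Review bot: The rewritten assertion on `subject_public_key` can no longer fail, because `to_der()` returns the whole DER encoding of the BIT STRING (tag, length and unused-bits octet), which is non-empty even when the key carries no bytes. The removed line called `to_vec()` without `unwrap()` and without `Encode` in scope, so it appears to have copied the raw key bytes and checked those. To keep that meaning, assert on the content instead, e.g. `assert!(!subject_public_key_info.subject_public_key.raw_bytes().is_empty());`, assuming the field is the `BitStringRef` that `SubjectPublicKeyInfoRef` carries. The test function starts above this hunk, so the rest of its body is not visible here.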
diff --git a/service_vm/requests/src/cert.rs b/service_vm/requests/src/cert.rs
index 73828a7..91281e7 100644
--- a/service_vm/requests/src/cert.rs
+++ b/service_vm/requests/src/cert.rs
@@ -18,7 +18,7 @@
use alloc::vec;
use alloc::vec::Vec;
use der::{
- asn1::{BitStringRef, ObjectIdentifier, UIntRef, Utf8StringRef},
+ asn1::{BitString, ObjectIdentifier, OctetString, Utf8StringRef},
oid::AssociatedOid,
Decode, Sequence,
};
@@ -27,6 +27,7 @@
certificate::{Certificate, TbsCertificate, Version},
ext::Extension,
name::Name,
+ serial_number::SerialNumber,
time::Validity,
};
@@ -111,14 +112,14 @@
/// signature BIT STRING
/// }
/// ```
-pub(crate) fn build_certificate<'a>(
- tbs_cert: TbsCertificate<'a>,
- signature: &'a [u8],
-) -> der::Result<Certificate<'a>> {
+pub(crate) fn build_certificate(
+ tbs_cert: TbsCertificate,
+ signature: &[u8],
+) -> der::Result<Certificate> {
Ok(Certificate {
- signature_algorithm: tbs_cert.signature,
+ signature_algorithm: tbs_cert.signature.clone(),
tbs_certificate: tbs_cert,
- signature: BitStringRef::new(0, signature)?,
+ signature: BitString::new(0, signature)?,
})
}
@@ -141,24 +142,24 @@
/// -- If present, version MUST be v3 --
/// }
/// ```
-pub(crate) fn build_tbs_certificate<'a>(
- serial_number: &'a [u8],
- issuer: Name<'a>,
- subject: Name<'a>,
+pub(crate) fn build_tbs_certificate(
+ serial_number: &[u8],
+ issuer: Name,
+ subject: Name,
validity: Validity,
- subject_public_key_info: &'a [u8],
- attestation_ext: &'a [u8],
-) -> der::Result<TbsCertificate<'a>> {
+ subject_public_key_info: &[u8],
+ attestation_ext: &[u8],
+) -> der::Result<TbsCertificate> {
let signature = AlgorithmIdentifier { oid: ECDSA_WITH_SHA_256, parameters: None };
let subject_public_key_info = SubjectPublicKeyInfo::from_der(subject_public_key_info)?;
let extensions = vec![Extension {
extn_id: AttestationExtension::OID,
critical: false,
- extn_value: attestation_ext,
+ extn_value: OctetString::new(attestation_ext)?,
}];
Ok(TbsCertificate {
version: Version::V3,
- serial_number: UIntRef::new(serial_number)?,
+ serial_number: SerialNumber::new(serial_number)?,
signature,
issuer,
validity,
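Review bot: `SerialNumber::new(serial_number)?` may not interpret its input the way `UIntRef::new(serial_number)?` did. In the x509-cert releases I am aware of, the constructor documents that the slice must already represent a positive integer and limits its length, whereas `UIntRef` took unsigned big-endian bytes and handled the sign octet itself. The crate version is not visible on this page, so please confirm that a serial whose first byte has the high bit set still encodes as a positive INTEGER, as RFC 5280 requires, rather than producing an error or a negative value. The caller in client_vm.rs builds `serial_number` outside the shown hunks; a unit test passing a constructed value such as `[0x80, 0x01]` through `build_tbs_certificate` would pin this down, together with a doc line such as `/// serial_number: big-endian bytes of a positive integer, at most 20 octets.` The function body continues past the end of this hunk.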
diff --git a/service_vm/requests/src/client_vm.rs b/service_vm/requests/src/client_vm.rs
index c2f39e7..5b1bf6c 100644
--- a/service_vm/requests/src/client_vm.rs
+++ b/service_vm/requests/src/client_vm.rs
@@ -103,7 +103,7 @@
client_vm_dice_chain.all_entries_are_secure(),
vm_components,
)
- .to_vec()?;
+ .to_der()?;
let tbs_cert = cert::build_tbs_certificate(
&serial_number,
rkp_cert.tbs_certificate.subject,
@@ -122,9 +122,9 @@
RequestProcessingError::FailedToDecryptKeyBlob
})?;
let ec_private_key = EcKey::from_ec_private_key(private_key.as_slice())?;
- let signature = ecdsa_sign(&ec_private_key, &tbs_cert.to_vec()?)?;
+ let signature = ecdsa_sign(&ec_private_key, &tbs_cert.to_der()?)?;
let certificate = cert::build_certificate(tbs_cert, &signature)?;
- Ok(certificate.to_vec()?)
+ Ok(certificate.to_der()?)
}
fn ecdsa_verify(key: &EcKey, signature: &[u8], message: &[u8]) -> bssl_avf::Result<()> {