Update for new version of der and friends.
Test: m rust
Change-Id: Ib64bf6482dc58a942cb0733cfdbf0bb0c1c86480
diff --git a/service_vm/requests/src/cert.rs b/service_vm/requests/src/cert.rs
index 73828a7..91281e7 100644
--- a/service_vm/requests/src/cert.rs
+++ b/service_vm/requests/src/cert.rs
@@ -18,7 +18,7 @@
use alloc::vec;
use alloc::vec::Vec;
use der::{
- asn1::{BitStringRef, ObjectIdentifier, UIntRef, Utf8StringRef},
+ asn1::{BitString, ObjectIdentifier, OctetString, Utf8StringRef},
oid::AssociatedOid,
Decode, Sequence,
};
@@ -27,6 +27,7 @@
certificate::{Certificate, TbsCertificate, Version},
ext::Extension,
name::Name,
+ serial_number::SerialNumber,
time::Validity,
};
@@ -111,14 +112,14 @@
/// signature BIT STRING
/// }
/// ```
-pub(crate) fn build_certificate<'a>(
- tbs_cert: TbsCertificate<'a>,
- signature: &'a [u8],
-) -> der::Result<Certificate<'a>> {
+pub(crate) fn build_certificate(
+ tbs_cert: TbsCertificate,
+ signature: &[u8],
+) -> der::Result<Certificate> {
Ok(Certificate {
- signature_algorithm: tbs_cert.signature,
+ signature_algorithm: tbs_cert.signature.clone(),
tbs_certificate: tbs_cert,
- signature: BitStringRef::new(0, signature)?,
+ signature: BitString::new(0, signature)?,
})
}
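Review bot: The `.clone()` on `tbs_cert.signature` carries no comment explaining that the outer and inner algorithm fields must stay identical, so a later edit could set `signature_algorithm` independently. RFC 5280 requires the certificate's signatureAlgorithm to match the signature field inside the TBS certificate, and verifiers reject a mismatch. I would add `// Must equal tbs_certificate.signature (RFC 5280 4.1.1.2); cloned because tbs_cert is moved on the next line.` above that field.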
@@ -141,24 +142,24 @@
/// -- If present, version MUST be v3 --
/// }
/// ```
-pub(crate) fn build_tbs_certificate<'a>(
- serial_number: &'a [u8],
- issuer: Name<'a>,
- subject: Name<'a>,
+pub(crate) fn build_tbs_certificate(
+ serial_number: &[u8],
+ issuer: Name,
+ subject: Name,
validity: Validity,
- subject_public_key_info: &'a [u8],
- attestation_ext: &'a [u8],
-) -> der::Result<TbsCertificate<'a>> {
+ subject_public_key_info: &[u8],
+ attestation_ext: &[u8],
+) -> der::Result<TbsCertificate> {
let signature = AlgorithmIdentifier { oid: ECDSA_WITH_SHA_256, parameters: None };
let subject_public_key_info = SubjectPublicKeyInfo::from_der(subject_public_key_info)?;
let extensions = vec![Extension {
extn_id: AttestationExtension::OID,
critical: false,
- extn_value: attestation_ext,
+ extn_value: OctetString::new(attestation_ext)?,
}];
Ok(TbsCertificate {
version: Version::V3,
- serial_number: UIntRef::new(serial_number)?,
+ serial_number: SerialNumber::new(serial_number)?,
signature,
issuer,
validity,
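Review bot: Replacing `UIntRef::new(serial_number)?` with `SerialNumber::new(serial_number)?` may change which inputs are accepted and how they are encoded, and nothing in the hunk pins that contract down. RFC 5280 requires a positive serial of at most 20 octets; I believe the new type enforces a length limit on the encoded value that `UIntRef` did not, so the case of a first byte with the high bit set (which needs a leading zero octet) should be checked against the caller's serial length. A unit test that feeds a maximum-length serial with the top bit set, plus a doc line such as `/// serial_number: big-endian unsigned integer, at most 20 octets once DER-encoded (RFC 5280 4.1.2.2); otherwise an error is returned.`, would make the failure mode explicit instead of surfacing as a sporadic request error. The body of build_tbs_certificate continues past the end of the hunk.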
diff --git a/service_vm/requests/src/client_vm.rs b/service_vm/requests/src/client_vm.rs
index c2f39e7..5b1bf6c 100644
--- a/service_vm/requests/src/client_vm.rs
+++ b/service_vm/requests/src/client_vm.rs
@@ -103,7 +103,7 @@
client_vm_dice_chain.all_entries_are_secure(),
vm_components,
)
- .to_vec()?;
+ .to_der()?;
let tbs_cert = cert::build_tbs_certificate(
&serial_number,
rkp_cert.tbs_certificate.subject,
@@ -122,9 +122,9 @@
RequestProcessingError::FailedToDecryptKeyBlob
})?;
let ec_private_key = EcKey::from_ec_private_key(private_key.as_slice())?;
- let signature = ecdsa_sign(&ec_private_key, &tbs_cert.to_vec()?)?;
+ let signature = ecdsa_sign(&ec_private_key, &tbs_cert.to_der()?)?;
let certificate = cert::build_certificate(tbs_cert, &signature)?;
- Ok(certificate.to_vec()?)
+ Ok(certificate.to_der()?)
}
fn ecdsa_verify(key: &EcKey, signature: &[u8], message: &[u8]) -> bssl_avf::Result<()> {
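Review bot: Nothing visible here checks that the bytes signed via `tbs_cert.to_der()?` are the same bytes that end up as the TBS portion of `certificate.to_der()?`, and the commit's only stated test is a build. DER encoding should be deterministic, but this change swaps the serial-number and extension-value types, so a regression test is worth having: decode the returned certificate, re-encode its `tbs_certificate`, and confirm the signature verifies over it with the existing `ecdsa_verify`. Binding the encoding once, `let tbs_der = tbs_cert.to_der()?;`, and passing `&tbs_der` to `ecdsa_sign` would also make the signed input easy to assert on. The enclosing function starts outside the hunk.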