diff --git a/Cargo.lock b/Cargo.lock index 6b3ff197..7612d2ee 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1438,9 +1438,9 @@ name = "picky-asn1-x509" version = "0.15.1" dependencies = [ "base64", + "crypto-bigint", "expect-test", "hex", - "num-bigint-dig", "oid", "picky-asn1", "picky-asn1-der", diff --git a/ffi/wasm/Cargo.lock b/ffi/wasm/Cargo.lock index e3ae916e..05ee7e54 100644 --- a/ffi/wasm/Cargo.lock +++ b/ffi/wasm/Cargo.lock @@ -218,7 +218,7 @@ checksum = "4113edbc9f68c0a64d5b911f803eb245d04bb812680fd56776411f69c670f3e0" dependencies = [ "hybrid-array", "num-traits", - "rand_core 0.9.3", + "rand_core", "serdect", "subtle", "zeroize", @@ -231,7 +231,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6a8235645834fbc6832939736ce2f2d08192652269e11010a6240f61b908a1c6" dependencies = [ "hybrid-array", - "rand_core 0.9.3", + "rand_core", ] [[package]] @@ -242,7 +242,7 @@ checksum = "25f2523fbb68811c8710829417ad488086720a6349e337c38d12fa81e09e50bf" dependencies = [ "crypto-bigint", "libm", - "rand_core 0.9.3", + "rand_core", ] [[package]] @@ -337,7 +337,7 @@ checksum = "ad207ed88a133091f83224265eac21109930db09bedcad05d5252f2af2de20a1" dependencies = [ "curve25519-dalek", "ed25519", - "rand_core 0.9.3", + "rand_core", "sha2", "subtle", "zeroize", @@ -359,7 +359,7 @@ dependencies = [ "once_cell", "pem-rfc7468", "pkcs8", - "rand_core 0.9.3", + "rand_core", "sec1", "subtle", "zeroize", @@ -371,7 +371,7 @@ version = "0.14.0-pre.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d42dd26f5790eda47c1a2158ea4120e32c35ddc9a7743c98a292accc01b54ef3" dependencies = [ - "rand_core 0.9.3", + "rand_core", "subtle", ] @@ -428,7 +428,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1ff6a0b2dd4b981b1ae9e3e6830ab146771f3660d31d57bafd9018805a91b0f1" dependencies = [ "ff", - "rand_core 0.9.3", + "rand_core", "subtle", ] 
@@ -502,15 +502,6 @@ dependencies = [ "cpufeatures", ] -[[package]] -name = "lazy_static" -version = "1.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" -dependencies = [ - "spin", -] - [[package]] name = "lexical-sort" version = "0.3.1" @@ -564,43 +555,6 @@ dependencies = [ "walkdir", ] -[[package]] -name = "num-bigint-dig" -version = "0.8.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dc84195820f291c7697304f3cbdadd1cb7199c0efc917ff5eafd71225c136151" -dependencies = [ - "byteorder", - "lazy_static", - "libm", - "num-integer", - "num-iter", - "num-traits", - "rand 0.8.5", - "serde", - "smallvec", -] - -[[package]] -name = "num-integer" -version = "0.1.46" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f" -dependencies = [ - "num-traits", -] - -[[package]] -name = "num-iter" -version = "0.1.45" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1429034a0490724d0075ebb2bc9e875d6503c3cf69e235a8941aa757d83ef5bf" -dependencies = [ - "autocfg", - "num-integer", - "num-traits", -] - [[package]] name = "num-traits" version = "0.2.19" @@ -663,7 +617,7 @@ dependencies = [ "elliptic-curve", "primefield", "primeorder", - "rand_core 0.9.3", + "rand_core", "sha2", ] @@ -674,7 +628,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8ee14c44aa1c04c22c4d4532c4fa2cdd5b6d31c2514a5898530d889fc2fc2737" dependencies = [ "base64ct", - "rand_core 0.9.3", + "rand_core", "subtle", ] @@ -758,8 +712,8 @@ dependencies = [ "polyval", "primefield", "primeorder", - "rand 0.9.2", - "rand_core 0.9.3", + "rand", + "rand_core", "rfc6979", "rsa", "sec1", 
@@ -800,7 +754,7 @@ name = "picky-asn1-x509" version = "0.15.1" dependencies = [ "base64", - "num-bigint-dig", + "crypto-bigint", "oid", "picky-asn1", "picky-asn1-der", @@ -856,7 +810,7 @@ checksum = "d7fcd4a163053332fd93f39b81c133e96a98567660981654579c90a99062fbf5" dependencies = [ "crypto-bigint", "ff", - "rand_core 0.9.3", + "rand_core", "subtle", "zeroize", ] @@ -894,35 +848,14 @@ version = "5.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f" -[[package]] -name = "rand" -version = "0.8.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" -dependencies = [ - "libc", - "rand_chacha 0.3.1", - "rand_core 0.6.4", -] - [[package]] name = "rand" version = "0.9.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6db2770f06117d490610c7488547d543617b21bfa07796d7a12f6f1bd53850d1" dependencies = [ - "rand_chacha 0.9.0", - "rand_core 0.9.3", -] - -[[package]] -name = "rand_chacha" -version = "0.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" -dependencies = [ - "ppv-lite86", - "rand_core 0.6.4", + "rand_chacha", + "rand_core", ] [[package]] @@ -932,16 +865,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb" dependencies = [ "ppv-lite86", - "rand_core 0.9.3", -] - -[[package]] -name = "rand_core" -version = "0.6.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" -dependencies = [ - "getrandom 0.2.16", + "rand_core", ] [[package]] @@ -975,7 +899,7 @@ dependencies = [ "digest", "pkcs1", "pkcs8", - "rand_core 0.9.3", + "rand_core", "signature", "spki", "subtle", 
@@ -1139,21 +1063,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fc280a6ff65c79fbd6622f64d7127f32b85563bca8c53cd2e9141d6744a9056d" dependencies = [ "digest", - "rand_core 0.9.3", + "rand_core", ] -[[package]] -name = "smallvec" -version = "1.15.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "67b1b7a3b5fe4f1376887184045fcf45c69e92af734b7aaddc05fb777b6fbd03" - -[[package]] -name = "spin" -version = "0.9.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" - [[package]] name = "spki" version = "0.8.0-rc.4" @@ -1400,7 +1312,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3a45998121837fd8c92655d2334aa8f3e5ef0645cdfda5b321b13760c548fd55" dependencies = [ "curve25519-dalek", - "rand_core 0.9.3", + "rand_core", "serde", "zeroize", ] diff --git a/picky-asn1-x509/Cargo.toml b/picky-asn1-x509/Cargo.toml index 2ac60f1c..715da40e 100644 --- a/picky-asn1-x509/Cargo.toml +++ b/picky-asn1-x509/Cargo.toml @@ -22,19 +22,19 @@ picky-asn1-der = { version = "0.5", path = "../picky-asn1-der" } serde = { version = "1", features = ["derive"] } oid = { version = "0.2", features = ["serde_support"] } base64 = "0.22" -num-bigint-dig = { version = "0.8", optional = true } +crypto-bigint = { version = "=0.7.0-rc.8", optional = true, features = ["alloc"], default-features = false } widestring = { version = "1.1", default-features = false, features = ["alloc"], optional = true } zeroize = { version = "1.8", optional = true } [dev-dependencies] -num-bigint-dig = "0.8" +crypto-bigint = { version = "=0.7.0-rc.8", features = ["alloc"], default-features = false } pretty_assertions = "1.4" hex = "0.4" expect-test = "1" picky-test-data = { path = "../picky-test-data", version = "0.1" } [features] -legacy = ["num-bigint-dig"] +legacy = ["crypto-bigint"] pkcs7 = ["widestring"] pkcs12 = [] ctl = ["pkcs7"] 
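Review bot: The `crypto-bigint` requirement in `picky-asn1-x509/Cargo.toml` is pinned with `=` to the pre-release `0.7.0-rc.8`, in both `[dependencies]` and `[dev-dependencies]`, and nothing says why. This crate now does the RSA private-key arithmetic behind the `legacy` feature, so an exact pre-release pin means later fixes will not be picked up until someone edits both lines by hand. I would add a comment above each entry, for example `# Exact pin: 0.7 is still pre-release and RCs may break API; relax to "0.7" once a stable release exists.` If the pin is there to match the version another crate in the workspace already resolves to, the comment should say that instead.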
diff --git a/picky-asn1-x509/src/certificate.rs b/picky-asn1-x509/src/certificate.rs index cc30cf37..bda1c4cd 100644 --- a/picky-asn1-x509/src/certificate.rs +++ b/picky-asn1-x509/src/certificate.rs @@ -163,7 +163,7 @@ mod tests { use crate::{DirectoryName, Extension, KeyIdentifier, KeyUsage}; use base64::Engine as _; use base64::engine::general_purpose; - use num_bigint_dig::BigInt; + use crypto_bigint::BoxedUint; use picky_asn1::bit_string::BitString; use picky_asn1::date::UTCTime; @@ -218,7 +218,10 @@ mod tests { let subject_public_key_info = SubjectPublicKeyInfo::new_rsa_key( IntegerAsn1::from(encoded[165..422].to_vec()), - BigInt::from(65537).to_signed_bytes_be().into(), + BoxedUint::from(65537u32) + .to_be_bytes_trimmed_vartime() + .into_vec() + .into(), ); check_serde!(subject_public_key_info: SubjectPublicKeyInfo in encoded[133..427]); @@ -245,7 +248,10 @@ mod tests { let tbs_certificate = TbsCertificate { version: ExplicitContextTag0(Version::V3), - serial_number: BigInt::from(935548868).to_signed_bytes_be().into(), + serial_number: BoxedUint::from(935548868u32) + .to_be_bytes_trimmed_vartime() + .into_vec() + .into(), signature: signature_algorithm.clone(), issuer, validity, diff --git a/picky-asn1-x509/src/private_key_info.rs b/picky-asn1-x509/src/private_key_info.rs index 33b03e6c..62484902 100644 --- a/picky-asn1-x509/src/private_key_info.rs +++ b/picky-asn1-x509/src/private_key_info.rs 
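Review bot: The test values in the `@@ -218` hunk are only equivalent to the old ones because 65537 has its top bit clear. `to_be_bytes_trimmed_vartime()` returns the unsigned magnitude, while the removed `to_signed_bytes_be()` returned a two's-complement encoding. Assuming `.into()` hands the bytes to `IntegerAsn1` unchanged, a constant with the high bit set would now encode as a negative INTEGER. The same pattern is in the `serial_number` hunk at `@@ -245` and in `subject_public_key_info.rs` at `@@ -185`. I would use the explicit constructor this commit already uses in `private_key_info.rs`, e.g. `IntegerAsn1::from_bytes_be_unsigned(BoxedUint::from(65537u32).to_be_bytes_trimmed_vartime().into_vec())`, so the sign handling is stated rather than accidental.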
@@ -370,36 +370,53 @@ impl<'de> de::Deserialize<'de> for RsaPrivateKey { let coefficient = seq.next_element()?.ok_or_else(|| de::Error::invalid_length(8, &self))?; (exponent_1, exponent_2, coefficient) } else { - use num_bigint_dig::{BigUint, ModInverse}; - - // conversion to num_bigint_dig format BigUint - let private_exponent = BigUint::from_bytes_be(private_exponent.as_unsigned_bytes_be()); - let prime_1 = BigUint::from_bytes_be(prime_1.as_unsigned_bytes_be()); - let prime_2 = BigUint::from_bytes_be(prime_2.as_unsigned_bytes_be()); - - let exponent_1 = &private_exponent % (&prime_1 - 1u8); - let exponent_2 = &private_exponent % (&prime_2 - 1u8); - - let coefficient = prime_2 - .mod_inverse(prime_1) - .ok_or_else(|| { - de::Error::invalid_value( - de::Unexpected::Other("[RSAPrivateKey] no modular inverse for prime 1"), - &"an invertible prime 1 value", - ) - })? - .to_biguint() - .ok_or_else(|| { + use crypto_bigint::{BoxedUint, NonZero, Uint}; + use std::ops::Sub; + + // conversion to crypto_bigint format BoxedUint + let private_exponent = BoxedUint::from_be_slice_vartime(private_exponent.as_unsigned_bytes_be()); + let prime_1 = BoxedUint::from_be_slice_vartime(prime_1.as_unsigned_bytes_be()); + let prime_1 = NonZero::new(prime_1).into_option().ok_or_else(|| { + de::Error::invalid_value( + de::Unexpected::Other("[RSAPrivateKey] prime 1 is zero"), + &"a non zero prime 1", + ) + })?; + + let prime_2 = BoxedUint::from_be_slice_vartime(prime_2.as_unsigned_bytes_be()); + + let one = Uint::<1>::from_u8(1); + let prime_1_minus_one = + NonZero::new(prime_1.as_ref().sub(&one)).into_option().ok_or_else(|| { de::Error::invalid_value( - de::Unexpected::Other("[RSAPrivateKey] BigUint conversion failed"), - &"a valid prime 1 value", + de::Unexpected::Other("[RSAPrivateKey] prime 1 minus one results in zero"), + &"a prime 1 larger than 1", ) })?; + let prime_2_minus_one = NonZero::new((&prime_2).sub(&one)).into_option().ok_or_else(|| { + de::Error::invalid_value( + 
de::Unexpected::Other("[RSAPrivateKey] prime 2 minus one results in zero"), + &"a prime 2 larger than 1", + ) + })?; + + let exponent_1 = private_exponent.rem(&prime_1_minus_one); + let exponent_2 = private_exponent.rem(&prime_2_minus_one); + + let coefficient = prime_2.invert_mod(&prime_1).into_option().ok_or_else(|| { + de::Error::invalid_value( + de::Unexpected::Other("[RSAPrivateKey] no modular inverse for prime 1"), + &"an invertible prime 1 value", + ) + })?; // conversion to IntegerAsn1 - let exponent_1 = IntegerAsn1::from_bytes_be_unsigned(exponent_1.to_bytes_be()); - let exponent_2 = IntegerAsn1::from_bytes_be_unsigned(exponent_2.to_bytes_be()); - let coefficient = IntegerAsn1::from_bytes_be_unsigned(coefficient.to_bytes_be()); + let exponent_1 = + IntegerAsn1::from_bytes_be_unsigned(exponent_1.to_be_bytes_trimmed_vartime().into_vec()); + let exponent_2 = + IntegerAsn1::from_bytes_be_unsigned(exponent_2.to_be_bytes_trimmed_vartime().into_vec()); + let coefficient = + IntegerAsn1::from_bytes_be_unsigned(coefficient.to_be_bytes_trimmed_vartime().into_vec()); (exponent_1, exponent_2, coefficient) }; diff --git a/picky-asn1-x509/src/subject_public_key_info.rs b/picky-asn1-x509/src/subject_public_key_info.rs index 5b7350da..d362cf74 100644 --- a/picky-asn1-x509/src/subject_public_key_info.rs +++ b/picky-asn1-x509/src/subject_public_key_info.rs @@ -143,7 +143,7 @@ mod tests { use super::*; use base64::Engine as _; use base64::engine::general_purpose; - use num_bigint_dig::BigInt; + use crypto_bigint::BoxedUint; #[test] fn rsa_subject_public_key_info() { @@ -185,7 +185,10 @@ mod tests { ]); check_serde!(modulus: IntegerAsn1 in encoded[28..289]); - let public_exponent: IntegerAsn1 = BigInt::from(65537).to_signed_bytes_be().into(); + let public_exponent: IntegerAsn1 = BoxedUint::from(65537u32) + .to_be_bytes_trimmed_vartime() + .into_vec() + .into(); check_serde!(public_exponent: IntegerAsn1 in encoded[289..294]); // RSA public key
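Review bot: `prime_2` is not checked for zero before `(&prime_2).sub(&one)`, although `prime_1` is wrapped in `NonZero` before its own subtraction. The `NonZero::new(...)` around the result only catches `prime_2 == 1`. If `Sub` on `BoxedUint` panics on underflow (it appears to, but confirm against the pinned release), a crafted RSAPrivateKey with a zero second prime would abort deserialization with a panic instead of returning `de::Error::invalid_value`. The fix is to mirror the `prime_1` guard for `prime_2`, as below; the later `invert_mod` call should still work through `NonZero`'s deref. A regression test that feeds a key with `prime2 = 0` through this branch would confirm it. The enclosing deserializer body starts and ends outside the hunk.

```rust
let prime_2 = BoxedUint::from_be_slice_vartime(prime_2.as_unsigned_bytes_be());
// Reject zero up front so malformed input yields a serde error, not an underflow.
let prime_2 = NonZero::new(prime_2).into_option().ok_or_else(|| {
    de::Error::invalid_value(
        de::Unexpected::Other("[RSAPrivateKey] prime 2 is zero"),
        &"a non zero prime 2",
    )
})?;
// … unchanged: `one`, prime_1_minus_one …
let prime_2_minus_one = NonZero::new(prime_2.as_ref().sub(&one)).into_option().ok_or_else(|| {
    // … unchanged: "prime 2 minus one results in zero" error …
```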