diff --git a/Cargo.toml b/Cargo.toml index 553494f..5c34f88 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -11,7 +11,7 @@ members = ["authenticode", "authenticode-tool", "xtask"] resolver = "2" [workspace.package] -edition = "2021" +edition = "2024" license = "MIT OR Apache-2.0" repository = "https://github.com/google/authenticode-rs" rust-version = "1.85" diff --git a/authenticode-tool/src/main.rs b/authenticode-tool/src/main.rs index caa627c..dbcc628 100644 --- a/authenticode-tool/src/main.rs +++ b/authenticode-tool/src/main.rs @@ -8,7 +8,7 @@ #![forbid(unsafe_code)] -use anyhow::{anyhow, bail, Result}; +use anyhow::{Result, anyhow, bail}; use authenticode::{ AttributeCertificateIterator, AuthenticodeSignature, PeTrait, }; @@ -162,10 +162,12 @@ mod tests { #[test] fn test_action_info() { // Error: bad path. - assert!(run_action(&Action::Info { - pe_path: "../authenticode/tests/testdata/bad.efi".into(), - }) - .is_err()); + assert!( + run_action(&Action::Info { + pe_path: "../authenticode/tests/testdata/bad.efi".into(), + }) + .is_err() + ); // Success, no signatures. run_action(&Action::Info { @@ -189,36 +191,46 @@ mod tests { #[test] fn test_action_get_cert() { // Error: bad path. - assert!(run_action(&Action::GetCert(GetCertAction { - pe_path: "../authenticode/tests/testdata/bad.efi".into(), - sig_index: 0, - cert_index: 0, - })) - .is_err()); + assert!( + run_action(&Action::GetCert(GetCertAction { + pe_path: "../authenticode/tests/testdata/bad.efi".into(), + sig_index: 0, + cert_index: 0, + })) + .is_err() + ); // Error: no signatures. - assert!(run_action(&Action::GetCert(GetCertAction { - pe_path: "../authenticode/tests/testdata/tiny64.efi".into(), - sig_index: 0, - cert_index: 0, - })) - .is_err()); + assert!( + run_action(&Action::GetCert(GetCertAction { + pe_path: "../authenticode/tests/testdata/tiny64.efi".into(), + sig_index: 0, + cert_index: 0, + })) + .is_err() + ); // Error: invalid signature index. - assert!(run_action(&Action::GetCert(GetCertAction { - pe_path: "../authenticode/tests/testdata/tiny64.signed.efi".into(), - sig_index: 1, - cert_index: 0, - })) - .is_err()); + assert!( + run_action(&Action::GetCert(GetCertAction { + pe_path: "../authenticode/tests/testdata/tiny64.signed.efi" + .into(), + sig_index: 1, + cert_index: 0, + })) + .is_err() + ); // Error: invalid certificate index. - assert!(run_action(&Action::GetCert(GetCertAction { - pe_path: "../authenticode/tests/testdata/tiny64.signed.efi".into(), - sig_index: 0, - cert_index: 1, - })) - .is_err()); + assert!( + run_action(&Action::GetCert(GetCertAction { + pe_path: "../authenticode/tests/testdata/tiny64.signed.efi" + .into(), + sig_index: 0, + cert_index: 1, + })) + .is_err() + ); // Success, 32-bit. run_action(&Action::GetCert(GetCertAction { diff --git a/authenticode/src/lib.rs b/authenticode/src/lib.rs index c73c1d7..9f19593 100644 --- a/authenticode/src/lib.rs +++ b/authenticode/src/lib.rs @@ -48,8 +48,8 @@ pub use authenticode_digest::authenticode_digest; pub use pe::{PeOffsetError, PeOffsets, PeTrait}; pub use signature::{ AuthenticodeSignature, AuthenticodeSignatureParseError, DigestInfo, - SpcAttributeTypeAndOptionalValue, SpcIndirectDataContent, - SPC_INDIRECT_DATA_OBJID, + SPC_INDIRECT_DATA_OBJID, SpcAttributeTypeAndOptionalValue, + SpcIndirectDataContent, }; pub use win_cert::{ AttributeCertificate, AttributeCertificateAuthenticodeError, diff --git a/authenticode/src/pe_object.rs b/authenticode/src/pe_object.rs index e3cc84d..eb520fd 100644 --- a/authenticode/src/pe_object.rs +++ b/authenticode/src/pe_object.rs @@ -10,10 +10,10 @@ use crate::pe::{PeOffsetError, PeOffsets, PeTrait}; use crate::usize_from_u32; use core::mem; use core::ops::Range; -use object::pe::{ImageDataDirectory, IMAGE_DIRECTORY_ENTRY_SECURITY}; +use object::pe::{IMAGE_DIRECTORY_ENTRY_SECURITY, ImageDataDirectory}; use object::read::pe::ImageOptionalHeader; use object::read::pe::{ImageNtHeaders, PeFile}; -use object::{pod, LittleEndian, SectionIndex}; +use object::{LittleEndian, SectionIndex, pod}; impl<'data, I> PeTrait for PeFile<'data, I> where diff --git a/authenticode/src/signature.rs b/authenticode/src/signature.rs index 6385826..88e2243 100644 --- a/authenticode/src/signature.rs +++ b/authenticode/src/signature.rs @@ -10,8 +10,8 @@ use cms::content_info::CmsVersion; use cms::content_info::ContentInfo; use cms::signed_data::{SignedData, SignerInfo}; use core::fmt::{self, Display, Formatter}; -use der::asn1::{ObjectIdentifier, OctetString}; use der::Decode; +use der::asn1::{ObjectIdentifier, OctetString}; use der::{Sequence, SliceReader}; use x509_cert::Certificate; diff --git a/authenticode/src/win_cert.rs b/authenticode/src/win_cert.rs index ea1d9a5..61287b8 100644 --- a/authenticode/src/win_cert.rs +++ b/authenticode/src/win_cert.rs @@ -6,8 +6,8 @@ // option. This file may not be copied, modified, or distributed // except according to those terms. -use crate::usize_from_u32; use crate::PeTrait; +use crate::usize_from_u32; use crate::{AuthenticodeSignature, AuthenticodeSignatureParseError}; use core::fmt::{self, Display, Formatter}; @@ -59,10 +59,16 @@ impl Display for AttributeCertificateError { write!(f, "certificate table range is out of bounds") } Self::InvalidSize => { - write!(f, "certificate table size does not match the sum of the certificate entry's aligned sizes") + write!( + f, + "certificate table size does not match the sum of the certificate entry's aligned sizes" + ) } Self::InvalidCertificateSize { size } => { - write!(f, "certificate table contains an entry with an invalid size: {size}") + write!( + f, + "certificate table contains an entry with an invalid size: {size}" + ) } } } diff --git a/authenticode/tests/test_authenticode.rs b/authenticode/tests/test_authenticode.rs index 7b54e2a..fee39d5 100644 --- a/authenticode/tests/test_authenticode.rs +++ b/authenticode/tests/test_authenticode.rs @@ -19,8 +19,8 @@ use core::slice; use digest::{Digest, Update}; use object::endian::LittleEndian as LE; use object::pe::{ - ImageDataDirectory, ImageFileHeader, ImageOptionalHeader64, - IMAGE_DIRECTORY_ENTRY_SECURITY, + IMAGE_DIRECTORY_ENTRY_SECURITY, ImageDataDirectory, ImageFileHeader, + ImageOptionalHeader64, }; use object::read::pe::{PeFile32, PeFile64}; use sha1::Sha1; @@ -127,20 +127,26 @@ fn check_exe(pe: &dyn PeTrait, expected: Expected) { fn test_authenticode32() { let pe = include_bytes!("testdata/tiny32.signed.efi"); let pe64 = PeFile32::parse(pe.as_slice()).unwrap(); - check_exe(&pe64, Expected { - sha1: "49f239f1cd5083912880e03982bb54528f2c358d", - sha256: "4f5b3633fc51d9447beb5c546e9ae6e58d6eb42d1e96d623dc168d97013c08a8", - }); + check_exe( + &pe64, + Expected { + sha1: "49f239f1cd5083912880e03982bb54528f2c358d", + sha256: "4f5b3633fc51d9447beb5c546e9ae6e58d6eb42d1e96d623dc168d97013c08a8", + }, + ); } #[test] fn test_authenticode64() { let pe = include_bytes!("testdata/tiny64.signed.efi"); let pe64 = PeFile64::parse(pe.as_slice()).unwrap(); - check_exe(&pe64, Expected { - sha1: "e9bdfb63bdf687b8d3bf144033fcb09d7a393563", - sha256: "a82d7e4f091c44ec75d97746b3461c8ea9151e2313f8e9a4330432ee5f25b2ae", - }); + check_exe( + &pe64, + Expected { + sha1: "e9bdfb63bdf687b8d3bf144033fcb09d7a393563", + sha256: "a82d7e4f091c44ec75d97746b3461c8ea9151e2313f8e9a4330432ee5f25b2ae", + }, + ); } fn modify_image_security_data_dir(f: F) -> Vec