commit 9cf588d65dd63b1a24362deb19bf20c8378ef45e
parent cba1fad2f62181c5847e5e2ebef7f4e8e7983617
Author: Zack Newman <zack@philomathiclife.com>
Date: Wed, 25 Mar 2026 16:30:20 -0600
update crypto libs
Diffstat:
7 files changed, 150 insertions(+), 136 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
@@ -116,32 +116,31 @@ targets = [
[dependencies]
base64url_nopad = { version = "0.1.4", default-features = false }
-ed25519-dalek = { version = "2.2.0", default-features = false }
+ed25519-dalek = { version = "3.0.0-pre.6", default-features = false }
hashbrown = { version = "0.16.1", default-features = false }
ml-dsa = { version = "0.1.0-rc.7", default-features = false }
-p256 = { version = "0.13.2", default-features = false, features = ["ecdsa"] }
-p384 = { version = "0.13.1", default-features = false, features = ["ecdsa"] }
+p256 = { version = "0.14.0-rc.8", default-features = false, features = ["ecdsa"] }
+p384 = { version = "0.14.0-rc.8", default-features = false, features = ["ecdsa"] }
precis-profiles = { version = "0.1.13", default-features = false }
rand = { version = "0.10.0", default-features = false, features = ["thread_rng"] }
-rsa = { version = "0.9.10", default-features = false, features = ["sha2"] }
+rsa = { version = "0.10.0-rc.17", default-features = false, features = ["encoding", "sha2"] }
serde = { version = "1.0.228", default-features = false, features = ["alloc"], optional = true }
serde_json = { version = "1.0.149", default-features = false, features = ["alloc"], optional = true }
url = { version = "2.5.8", default-features = false }
[dev-dependencies]
base64url_nopad = { version = "0.1.4", default-features = false, features = ["alloc"] }
-ed25519-dalek = { version = "2.2.0", default-features = false, features = ["alloc", "pkcs8"] }
+ed25519-dalek = { version = "3.0.0-pre.6", default-features = false, features = ["alloc", "pkcs8"] }
ml-dsa = { version = "0.1.0-rc.7", default-features = false, features = ["alloc", "pkcs8"] }
-p256 = { version = "0.13.2", default-features = false, features = ["pem"] }
-p384 = { version = "0.13.1", default-features = false, features = ["pkcs8"] }
-pkcs8 = { version = "0.11.0-rc.11", default-features = false }
+p256 = { version = "0.14.0-rc.8", default-features = false, features = ["pem"] }
+p384 = { version = "0.14.0-rc.8", default-features = false, features = ["pkcs8"] }
serde_json = { version = "1.0.149", default-features = false, features = ["preserve_order"] }
### FEATURES #################################################################
[features]
-default = ["bin", "serde"]
+default = ["serializable_server_state", "serde_relaxed", "custom"]
# Provide binary (de)serialization for persistent data.
bin = []
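Review bot: The `default` feature list at the end of this hunk changes from `["bin", "serde"]` to `["serializable_server_state", "serde_relaxed", "custom"]`, which the commit message "update crypto libs" does not mention and which changes what every downstream user compiles without opting in. Judging by the names, this enables the relaxed deserializer and custom-key support by default, which looks like a local test configuration. If it is unintended, restore `default = ["bin", "serde"]`; otherwise land it as its own commit with a changelog entry. Separately, `ed25519-dalek`, `p256`, `p384` and `rsa` now resolve to pre-release versions, and Cargo's default caret requirement allows a later pre-release of the same version to be selected, so consider exact pins such as `version = "=0.14.0-rc.8"` until the stable releases are out.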
diff --git a/src/request.rs b/src/request.rs
@@ -1741,7 +1741,6 @@ mod tests {
#[cfg(feature = "custom")]
use ml_dsa::{
MlDsa44, MlDsa65, MlDsa87, Signature as MlDsaSignature, SigningKey as MlDsaSigKey,
- signature::Signer as _,
};
#[cfg(feature = "custom")]
use p256::{
@@ -1752,7 +1751,7 @@ mod tests {
use p384::ecdsa::{DerSignature as P384DerSig, SigningKey as P384Key};
#[cfg(feature = "custom")]
use rsa::{
- BigUint, RsaPrivateKey,
+ BoxedUint, RsaPrivateKey,
pkcs1v15::SigningKey as RsaKey,
sha2::{Digest as _, Sha256},
signature::{Keypair as _, SignatureEncoding as _},
@@ -9299,7 +9298,7 @@ mod tests {
)
.unwrap()
.verifying_key()
- .to_encoded_point(false);
+ .to_sec1_point(false);
let x = p256_key.x().unwrap();
let y = p256_key.y().unwrap();
attestation_object[111..143].copy_from_slice(x);
@@ -9396,7 +9395,7 @@ mod tests {
)
.unwrap();
let der_sig: P256DerSig = p256_key.sign(authenticator_data.as_slice());
- let pub_key = p256_key.verifying_key().to_encoded_point(true);
+ let pub_key = p256_key.verifying_key().to_sec1_point(true);
authenticator_data.truncate(37);
assert!(!opts.start_ceremony()?.0.verify(
RP_ID,
@@ -9713,7 +9712,7 @@ mod tests {
)
.unwrap()
.verifying_key()
- .to_encoded_point(false);
+ .to_sec1_point(false);
let x = p384_key.x().unwrap();
let y = p384_key.y().unwrap();
attestation_object[112..160].copy_from_slice(x);
@@ -9811,7 +9810,7 @@ mod tests {
)
.unwrap();
let der_sig: P384DerSig = p384_key.sign(authenticator_data.as_slice());
- let pub_key = p384_key.verifying_key().to_encoded_point(true);
+ let pub_key = p384_key.verifying_key().to_sec1_point(true);
authenticator_data.truncate(37);
assert!(!opts.start_ceremony()?.0.verify(
RP_ID,
@@ -10311,7 +10310,7 @@ mod tests {
24, 245, 127, 122, 247, 152, 212, 75, 45, 59, 90, 184, 234, 31, 147, 36, 8, 212, 45,
50, 23, 3, 25, 253, 87, 227, 79, 119, 161,
];
- let p = BigUint::from_bytes_le(
+ let p = BoxedUint::from_le_slice_vartime(
[
215, 166, 5, 21, 11, 179, 41, 77, 198, 92, 165, 48, 77, 162, 42, 41, 206, 141, 60,
69, 47, 164, 19, 92, 46, 72, 100, 238, 100, 53, 214, 197, 163, 185, 6, 140, 229,
@@ -10324,7 +10323,7 @@ mod tests {
]
.as_slice(),
);
- let p_2 = BigUint::from_bytes_le(
+ let p_2 = BoxedUint::from_le_slice_vartime(
[
41, 25, 198, 240, 134, 206, 121, 57, 11, 5, 134, 192, 212, 77, 229, 197, 14, 78,
85, 212, 190, 114, 179, 188, 21, 171, 174, 12, 104, 74, 15, 164, 136, 173, 62, 177,
@@ -10339,16 +10338,16 @@ mod tests {
);
let rsa_key = RsaKey::<Sha256>::new(
RsaPrivateKey::from_components(
- BigUint::from_bytes_le(n.as_slice()),
+ BoxedUint::from_le_slice_vartime(n.as_slice()),
e.into(),
- BigUint::from_bytes_le(d.as_slice()),
+ BoxedUint::from_le_slice_vartime(d.as_slice()),
vec![p, p_2],
)
.unwrap(),
)
.verifying_key();
- let n_other = rsa_key.as_ref().n().to_bytes_be();
- attestation_object[113..369].copy_from_slice(n_other.as_slice());
+ let n_other = rsa_key.as_ref().n().to_be_bytes();
+ attestation_object[113..369].copy_from_slice(&n_other);
assert!(matches!(opts.start_ceremony()?.0.verify(
RP_ID,
&Registration {
@@ -10364,7 +10363,7 @@ mod tests {
},
},
&RegistrationVerificationOptions::<&str, &str>::default(),
- )?.static_state.credential_public_key, UncompressedPubKey::Rsa(k) if *k.n() == n_other.as_slice() && k.e() == e));
+ )?.static_state.credential_public_key, UncompressedPubKey::Rsa(k) if **k.n() == *n_other && k.e() == e));
Ok(())
}
#[expect(
@@ -10466,7 +10465,7 @@ mod tests {
24, 245, 127, 122, 247, 152, 212, 75, 45, 59, 90, 184, 234, 31, 147, 36, 8, 212, 45,
50, 23, 3, 25, 253, 87, 227, 79, 119, 161,
];
- let p = BigUint::from_bytes_le(
+ let p = BoxedUint::from_le_slice_vartime(
[
215, 166, 5, 21, 11, 179, 41, 77, 198, 92, 165, 48, 77, 162, 42, 41, 206, 141, 60,
69, 47, 164, 19, 92, 46, 72, 100, 238, 100, 53, 214, 197, 163, 185, 6, 140, 229,
@@ -10479,7 +10478,7 @@ mod tests {
]
.as_slice(),
);
- let p_2 = BigUint::from_bytes_le(
+ let p_2 = BoxedUint::from_le_slice_vartime(
[
41, 25, 198, 240, 134, 206, 121, 57, 11, 5, 134, 192, 212, 77, 229, 197, 14, 78,
85, 212, 190, 114, 179, 188, 21, 171, 174, 12, 104, 74, 15, 164, 136, 173, 62, 177,
@@ -10494,9 +10493,9 @@ mod tests {
);
let rsa_key = RsaKey::<Sha256>::new(
RsaPrivateKey::from_components(
- BigUint::from_bytes_le(n.as_slice()),
+ BoxedUint::from_le_slice_vartime(n.as_slice()),
e.into(),
- BigUint::from_bytes_le(d.as_slice()),
+ BoxedUint::from_le_slice_vartime(d.as_slice()),
vec![p, p_2],
)
.unwrap(),
@@ -10504,46 +10503,40 @@ mod tests {
let rsa_pub = rsa_key.verifying_key();
let sig = rsa_key.sign(authenticator_data.as_slice()).to_vec();
authenticator_data.truncate(37);
- assert!(
- !opts.start_ceremony()?.0.verify(
- RP_ID,
- &DiscoverableAuthentication {
- raw_id: CredentialId::try_from(vec![0; 16].into_boxed_slice())?,
- response: DiscoverableAuthenticatorAssertion::new(
- client_data_json,
- authenticator_data,
- sig,
- UserHandle::from([0]),
+ assert!(!opts.start_ceremony()?.0.verify(
+ RP_ID,
+ &DiscoverableAuthentication {
+ raw_id: CredentialId::try_from(vec![0; 16].into_boxed_slice())?,
+ response: DiscoverableAuthenticatorAssertion::new(
+ client_data_json,
+ authenticator_data,
+ sig,
+ UserHandle::from([0]),
+ ),
+ authenticator_attachment: AuthenticatorAttachment::None,
+ },
+ &mut AuthenticatedCredential::new(
+ CredentialId::try_from([0; 16].as_slice())?,
+ &UserHandle::from([0]),
+ StaticState {
+ credential_public_key: CompressedPubKeyOwned::Rsa(
+ RsaPubKey::try_from((rsa_pub.as_ref().n().to_be_bytes(), e)).unwrap(),
),
+ extensions: AuthenticatorExtensionOutputStaticState {
+ cred_protect: CredentialProtectionPolicy::None,
+ hmac_secret: None,
+ },
+ client_extension_results: ClientExtensionsOutputsStaticState { prf: None }
+ },
+ DynamicState {
+ user_verified: true,
+ backup: Backup::NotEligible,
+ sign_count: 0,
authenticator_attachment: AuthenticatorAttachment::None,
},
- &mut AuthenticatedCredential::new(
- CredentialId::try_from([0; 16].as_slice())?,
- &UserHandle::from([0]),
- StaticState {
- credential_public_key: CompressedPubKeyOwned::Rsa(
- RsaPubKey::try_from((
- rsa_pub.as_ref().n().to_bytes_be().into_boxed_slice(),
- e
- ))
- .unwrap(),
- ),
- extensions: AuthenticatorExtensionOutputStaticState {
- cred_protect: CredentialProtectionPolicy::None,
- hmac_secret: None,
- },
- client_extension_results: ClientExtensionsOutputsStaticState { prf: None }
- },
- DynamicState {
- user_verified: true,
- backup: Backup::NotEligible,
- sign_count: 0,
- authenticator_attachment: AuthenticatorAttachment::None,
- },
- )?,
- &AuthenticationVerificationOptions::<&str, &str>::default(),
- )?
- );
+ )?,
+ &AuthenticationVerificationOptions::<&str, &str>::default(),
+ )?);
Ok(())
}
}
diff --git a/src/response/auth.rs b/src/response/auth.rs
@@ -29,7 +29,7 @@ use super::{
};
use core::convert::Infallible;
use ed25519_dalek::{Signature, Verifier as _};
-use ml_dsa::{MlDsa44, MlDsa65, MlDsa87, Signature as MlDsaSig, signature::Verifier as _};
+use ml_dsa::{MlDsa44, MlDsa65, MlDsa87, Signature as MlDsaSig};
use p256::ecdsa::DerSignature as P256DerSig;
use p384::ecdsa::DerSignature as P384DerSig;
use rsa::{
diff --git a/src/response/register.rs b/src/response/register.rs
@@ -41,21 +41,18 @@ use core::{
fmt::{self, Display, Formatter},
};
use ed25519_dalek::{Signature, Verifier as _, VerifyingKey};
-use ml_dsa::{
- MlDsa44, MlDsa65, MlDsa87, Signature as MlDsaSignature, VerifyingKey as MlDsaVerKey,
- signature::Verifier as _,
-};
+use ml_dsa::{MlDsa44, MlDsa65, MlDsa87, Signature as MlDsaSignature, VerifyingKey as MlDsaVerKey};
use p256::{
- AffinePoint as P256Affine, EncodedPoint as P256Pt, NistP256,
+ AffinePoint as P256Affine, NistP256, Sec1Point as P256Pt,
ecdsa::{DerSignature as P256Sig, VerifyingKey as P256VerKey},
- elliptic_curve::{Curve, generic_array::typenum::ToInt as _, point::DecompressPoint as _},
+ elliptic_curve::{Curve, common::typenum::ToInt as _, point::DecompressPoint as _},
};
use p384::{
- AffinePoint as P384Affine, EncodedPoint as P384Pt, NistP384,
+ AffinePoint as P384Affine, NistP384, Sec1Point as P384Pt,
ecdsa::{DerSignature as P384Sig, VerifyingKey as P384VerKey},
};
use rsa::{
- BigUint, RsaPublicKey,
+ BoxedUint, RsaPublicKey,
pkcs1v15::{self, VerifyingKey as RsaVerKey},
sha2::{Sha256, digest::Digest as _},
};
@@ -1169,10 +1166,17 @@ impl<'a> UncompressedP256PubKey<'a> {
self.into_ver_key().map(|_| ())
}
/// Converts `self` into [`P256VerKey`].
+ #[expect(clippy::unreachable, reason = "want to crash when there is a bug")]
fn into_ver_key(self) -> Result<P256VerKey, PubKeyErr> {
- P256VerKey::from_encoded_point(&P256Pt::from_affine_coordinates(
- self.0.into(),
- self.1.into(),
+ P256VerKey::from_sec1_point(&P256Pt::from_affine_coordinates(
+ self.0
+ .as_array()
+ .unwrap_or_else(|| unreachable!("there is a bug in slice::as_array"))
+ .into(),
+ self.1
+ .as_array()
+ .unwrap_or_else(|| unreachable!("there is a bug in slice::as_array"))
+ .into(),
false,
))
.map_err(|_e| PubKeyErr::P256)
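Review bot: The `unreachable!` message in `into_ver_key` blames `slice::as_array`, but `as_array` returns `None` whenever the slice length differs from the array length, so a panic here would really mean this type's coordinate-length invariant was broken. This runs while verifying a client-supplied public key and the function already returns `Result<_, PubKeyErr>`, so mapping the `None` to the existing error is safer than aborting, e.g. `self.0.as_array().ok_or(PubKeyErr::P256)?.into()` (assuming inference still resolves the array length). If the panic is kept, the message should name the invariant the constructors are expected to enforce rather than a standard-library bug. The same pattern recurs in the `CompressedP256PubKey`, `UncompressedP384PubKey` and `CompressedP384PubKey` hunks below. The function body continues past the end of this hunk.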
@@ -1295,11 +1299,18 @@ impl CompressedP256PubKey<&[u8]> {
self.into_ver_key().map(|_| ())
}
/// Converts `self` into [`P256VerKey`].
+ #[expect(clippy::unreachable, reason = "want to crash when there is a bug")]
pub(super) fn into_ver_key(self) -> Result<P256VerKey, PubKeyErr> {
- P256Affine::decompress(self.x.into(), u8::from(self.y_is_odd).into())
- .into_option()
- .ok_or(PubKeyErr::P256)
- .and_then(|pt| P256VerKey::from_affine(pt).map_err(|_e| PubKeyErr::P256))
+ P256Affine::decompress(
+ self.x
+ .as_array()
+ .unwrap_or_else(|| unreachable!("there is a bug in slice::as_array"))
+ .into(),
+ u8::from(self.y_is_odd).into(),
+ )
+ .into_option()
+ .ok_or(PubKeyErr::P256)
+ .and_then(|pt| P256VerKey::from_affine(pt).map_err(|_e| PubKeyErr::P256))
}
}
impl<'a: 'b, 'b> TryFrom<(&'a [u8], bool)> for CompressedP256PubKey<&'b [u8]> {
@@ -1428,10 +1439,17 @@ impl<'a> UncompressedP384PubKey<'a> {
self.into_ver_key().map(|_| ())
}
/// Converts `self` into [`P384VerKey`].
+ #[expect(clippy::unreachable, reason = "want to crash when there is a bug")]
fn into_ver_key(self) -> Result<P384VerKey, PubKeyErr> {
- P384VerKey::from_encoded_point(&P384Pt::from_affine_coordinates(
- self.0.into(),
- self.1.into(),
+ P384VerKey::from_sec1_point(&P384Pt::from_affine_coordinates(
+ self.0
+ .as_array()
+ .unwrap_or_else(|| unreachable!("there is a bug in slice::as_array"))
+ .into(),
+ self.1
+ .as_array()
+ .unwrap_or_else(|| unreachable!("there is a bug in slice::as_array"))
+ .into(),
false,
))
.map_err(|_e| PubKeyErr::P384)
@@ -1555,11 +1573,18 @@ impl CompressedP384PubKey<&[u8]> {
self.into_ver_key().map(|_| ())
}
/// Converts `self` into [`P384VerKey`].
+ #[expect(clippy::unreachable, reason = "want to crash when there is a bug")]
pub(super) fn into_ver_key(self) -> Result<P384VerKey, PubKeyErr> {
- P384Affine::decompress(self.x.into(), u8::from(self.y_is_odd).into())
- .into_option()
- .ok_or(PubKeyErr::P384)
- .and_then(|pt| P384VerKey::from_affine(pt).map_err(|_e| PubKeyErr::P384))
+ P384Affine::decompress(
+ self.x
+ .as_array()
+ .unwrap_or_else(|| unreachable!("there is a bug in slice::as_array"))
+ .into(),
+ u8::from(self.y_is_odd).into(),
+ )
+ .into_option()
+ .ok_or(PubKeyErr::P384)
+ .and_then(|pt| P384VerKey::from_affine(pt).map_err(|_e| PubKeyErr::P384))
}
}
impl<'a: 'b, 'b> TryFrom<(&'a [u8], bool)> for CompressedP384PubKey<&'b [u8]> {
@@ -1708,7 +1733,7 @@ impl<T: AsRef<[u8]>> RsaPubKey<T> {
/// Converts `self` into [`RsaVerKey`].
pub(super) fn as_ver_key(&self) -> RsaVerKey<Sha256> {
RsaVerKey::new(RsaPublicKey::new_unchecked(
- BigUint::from_bytes_be(self.0.as_ref()),
+ BoxedUint::from_be_slice_vartime(self.0.as_ref()),
self.1.into(),
))
}
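Review bot: `as_ver_key` needs a comment explaining why `from_be_slice_vartime` and `new_unchecked` are acceptable, since both names signal a relaxed guarantee on a signature-verification path. Something like `// Modulus is public, so variable-time parsing leaks nothing secret; size and exponent bounds are checked when RsaPubKey is built.` above the call would do, provided the constructors (outside this hunk) really enforce those bounds. It is also worth stating whether a modulus with leading zero bytes can reach this point, because `BoxedUint` presumably keeps the precision implied by the slice length where `BigUint` normalised it.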
@@ -4149,8 +4174,6 @@ mod tests {
};
use ed25519_dalek::Verifier as _;
use p256::ecdsa::{DerSignature as P256Sig, SigningKey as P256Key};
- #[cfg(not(feature = "serde"))]
- use pkcs8 as _;
use rsa::sha2::{Digest as _, Sha256};
#[expect(clippy::panic, reason = "OK in tests")]
#[expect(
@@ -4212,7 +4235,7 @@ mod tests {
let key = *P256Key::from_slice(credential_private_key.as_slice())
.unwrap()
.verifying_key();
- let enc_key = key.to_encoded_point(false);
+ let enc_key = key.to_sec1_point(false);
let auth_attest =
AuthenticatorAttestation::new(client_data_json, attestation_object, AuthTransports(0));
let att_obj = AttestationObject::from_data(
@@ -4285,7 +4308,7 @@ mod tests {
let key = *P256Key::from_slice(credential_private_key.as_slice())
.unwrap()
.verifying_key();
- let enc_key = key.to_encoded_point(false);
+ let enc_key = key.to_sec1_point(false);
let auth_attest =
AuthenticatorAttestation::new(client_data_json, attestation_object, AuthTransports(0));
let (att_obj, auth_idx) = AttestationObject::parse_data(auth_attest.attestation_object())?;
diff --git a/src/response/register/bin.rs b/src/response/register/bin.rs
@@ -17,7 +17,7 @@ use core::{
};
use p256::{
NistP256,
- elliptic_curve::{Curve, generic_array::typenum::ToInt as _},
+ elliptic_curve::{Curve, common::typenum::ToInt as _},
};
use p384::NistP384;
impl EncodeBuffer for CredentialProtectionPolicy {
diff --git a/src/response/register/ser.rs b/src/response/register/ser.rs
@@ -30,7 +30,7 @@ mod spki {
use core::fmt::{self, Display, Formatter};
use p256::{
NistP256,
- elliptic_curve::{Curve, generic_array::typenum::type_operators::ToInt as _},
+ elliptic_curve::{Curve, common::typenum::type_operators::ToInt as _},
};
use p384::NistP384;
/// Value assigned to the integer type under the universal tag class per
@@ -1692,13 +1692,12 @@ mod tests {
use ed25519_dalek::{VerifyingKey, pkcs8::EncodePublicKey as _};
use ml_dsa::{MlDsa44, MlDsa65, MlDsa87, VerifyingKey as MlDsaVerKey};
use p256::{
- EncodedPoint as P256Pt, PublicKey as P256PubKey, SecretKey as P256Key,
- elliptic_curve::sec1::{FromEncodedPoint as _, ToEncodedPoint as _},
+ PublicKey as P256PubKey, Sec1Point as P256Pt, SecretKey as P256Key,
+ elliptic_curve::sec1::{FromSec1Point as _, ToSec1Point as _},
};
- use p384::{EncodedPoint as P384Pt, PublicKey as P384PubKey, SecretKey as P384Key};
- use pkcs8::EncodePublicKey as _;
+ use p384::{PublicKey as P384PubKey, Sec1Point as P384Pt, SecretKey as P384Key};
use rsa::{
- BigUint, RsaPrivateKey,
+ BoxedUint, RsaPrivateKey,
sha2::{Digest as _, Sha256},
traits::PublicKeyParts as _,
};
@@ -1769,7 +1768,7 @@ mod tests {
)
.unwrap()
.public_key();
- let enc_key = key.to_encoded_point(false);
+ let enc_key = key.to_sec1_point(false);
assert!(
UncompressedP256PubKey::from_der(key.to_public_key_der().unwrap().as_bytes())
.is_ok_and(|k| *k.0 == **enc_key.x().unwrap() && *k.1 == **enc_key.y().unwrap())
@@ -1788,7 +1787,7 @@ mod tests {
)
.unwrap()
.public_key();
- let enc_key = key.to_encoded_point(false);
+ let enc_key = key.to_sec1_point(false);
assert!(
UncompressedP384PubKey::from_der(key.to_public_key_der().unwrap().as_bytes())
.is_ok_and(|k| *k.0 == **enc_key.x().unwrap() && *k.1 == **enc_key.y().unwrap())
@@ -1830,7 +1829,7 @@ mod tests {
24, 245, 127, 122, 247, 152, 212, 75, 45, 59, 90, 184, 234, 31, 147, 36, 8, 212, 45,
50, 23, 3, 25, 253, 87, 227, 79, 119, 161,
];
- let p = BigUint::from_bytes_le(
+ let p = BoxedUint::from_le_slice_vartime(
[
215, 166, 5, 21, 11, 179, 41, 77, 198, 92, 165, 48, 77, 162, 42, 41, 206, 141, 60,
69, 47, 164, 19, 92, 46, 72, 100, 238, 100, 53, 214, 197, 163, 185, 6, 140, 229,
@@ -1843,7 +1842,7 @@ mod tests {
]
.as_slice(),
);
- let p_2 = BigUint::from_bytes_le(
+ let p_2 = BoxedUint::from_le_slice_vartime(
[
41, 25, 198, 240, 134, 206, 121, 57, 11, 5, 134, 192, 212, 77, 229, 197, 14, 78,
85, 212, 190, 114, 179, 188, 21, 171, 174, 12, 104, 74, 15, 164, 136, 173, 62, 177,
@@ -1857,16 +1856,16 @@ mod tests {
.as_slice(),
);
let key = RsaPrivateKey::from_components(
- BigUint::from_bytes_le(n.as_slice()),
+ BoxedUint::from_le_slice_vartime(n.as_slice()),
e.into(),
- BigUint::from_bytes_le(d.as_slice()),
+ BoxedUint::from_le_slice_vartime(d.as_slice()),
vec![p, p_2],
)
.unwrap()
.to_public_key();
assert!(
RsaPubKey::from_der(key.to_public_key_der().unwrap().as_bytes())
- .is_ok_and(|k| k.0 == key.n().to_bytes_be() && BigUint::from(k.1) == *key.e())
+ .is_ok_and(|k| *k.0 == *key.n().to_be_bytes() && BoxedUint::from(k.1) == *key.e())
);
}
#[expect(clippy::unwrap_used, reason = "OK in tests")]
@@ -11509,7 +11508,7 @@ mod tests {
)
.unwrap()
.public_key();
- let enc_key = key.to_encoded_point(false);
+ let enc_key = key.to_sec1_point(false);
let pub_key = key.to_public_key_der().unwrap();
let att_obj_len = att_obj.len();
let x_start = att_obj_len - 67;
@@ -11641,7 +11640,7 @@ mod tests {
Some(err.as_slice())
);
// `publicKey` mismatch.
- let bad_pub_key = P256PubKey::from_encoded_point(&P256Pt::from_affine_coordinates(
+ let bad_pub_key = P256PubKey::from_sec1_point(&P256Pt::from_affine_coordinates(
&[
66, 71, 188, 41, 125, 2, 226, 44, 148, 62, 63, 190, 172, 64, 33, 214, 6, 37, 148,
23, 240, 235, 203, 84, 112, 219, 232, 197, 54, 182, 17, 235,
@@ -11988,7 +11987,7 @@ mod tests {
)
.unwrap()
.public_key();
- let enc_key = key.to_encoded_point(false);
+ let enc_key = key.to_sec1_point(false);
let pub_key = key.to_public_key_der().unwrap();
let att_obj_len = att_obj.len();
let x_start = att_obj_len - 99;
@@ -12120,7 +12119,7 @@ mod tests {
Some(err.as_slice())
);
// `publicKey` mismatch.
- let bad_pub_key = P384PubKey::from_encoded_point(&P384Pt::from_affine_coordinates(
+ let bad_pub_key = P384PubKey::from_sec1_point(&P384Pt::from_affine_coordinates(
&[
192, 10, 27, 46, 66, 67, 80, 98, 33, 230, 156, 95, 1, 135, 150, 110, 64, 243, 22,
118, 5, 255, 107, 44, 234, 111, 217, 105, 125, 114, 39, 7, 126, 2, 191, 111, 48,
@@ -12699,7 +12698,7 @@ mod tests {
24, 245, 127, 122, 247, 152, 212, 75, 45, 59, 90, 184, 234, 31, 147, 36, 8, 212, 45,
50, 23, 3, 25, 253, 87, 227, 79, 119, 161,
];
- let p = BigUint::from_bytes_le(
+ let p = BoxedUint::from_le_slice_vartime(
[
215, 166, 5, 21, 11, 179, 41, 77, 198, 92, 165, 48, 77, 162, 42, 41, 206, 141, 60,
69, 47, 164, 19, 92, 46, 72, 100, 238, 100, 53, 214, 197, 163, 185, 6, 140, 229,
@@ -12712,7 +12711,7 @@ mod tests {
]
.as_slice(),
);
- let p_2 = BigUint::from_bytes_le(
+ let p_2 = BoxedUint::from_le_slice_vartime(
[
41, 25, 198, 240, 134, 206, 121, 57, 11, 5, 134, 192, 212, 77, 229, 197, 14, 78,
85, 212, 190, 114, 179, 188, 21, 171, 174, 12, 104, 74, 15, 164, 136, 173, 62, 177,
@@ -12726,9 +12725,9 @@ mod tests {
.as_slice(),
);
let key = RsaPrivateKey::from_components(
- BigUint::from_bytes_le(n.as_slice()),
+ BoxedUint::from_le_slice_vartime(n.as_slice()),
e.into(),
- BigUint::from_bytes_le(d.as_slice()),
+ BoxedUint::from_le_slice_vartime(d.as_slice()),
vec![p, p_2],
)
.unwrap()
@@ -12738,7 +12737,8 @@ mod tests {
let n_start_idx = att_obj_len - 261;
let e_meta_start_idx = n_start_idx + 256;
// Correct and won't `panic`.
- att_obj[n_start_idx..e_meta_start_idx].copy_from_slice(key.n().to_bytes_be().as_slice());
+ att_obj[n_start_idx..e_meta_start_idx]
+ .copy_from_slice(key.n().to_be_bytes_trimmed_vartime().as_ref());
let b64_cdata_json = base64url_nopad::encode(c_data_json.as_bytes());
// Won't `panic`.
let b64_adata = base64url_nopad::encode(&att_obj[31..]);
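Review bot: The modulus is written with `to_be_bytes_trimmed_vartime()` here, while the parallel test in `src/response/register/ser_relaxed.rs` and the tests in `src/request.rs` use `to_be_bytes()` for the same 256-byte copy. `copy_from_slice` panics when the lengths differ, and the two conversions presumably depend on different things (significant bytes versus the integer's precision), so the existing "Correct and won't `panic`" comment holds for a different reason in each file. Pick one conversion for all of these places and state why it yields exactly 256 bytes, e.g. `// 2048-bit modulus with a non-zero top byte, so exactly 256 bytes.` if that is what the fixture guarantees. The test function starts and ends outside this hunk.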
@@ -12865,7 +12865,7 @@ mod tests {
);
// `publicKey` mismatch.
let bad_pub_key = RsaPrivateKey::from_components(
- BigUint::from_bytes_le(
+ BoxedUint::from_le_slice_vartime(
[
175, 161, 161, 75, 52, 244, 72, 168, 29, 119, 33, 120, 3, 222, 231, 152, 222,
119, 112, 83, 221, 237, 74, 174, 79, 216, 147, 251, 245, 94, 234, 114, 254, 21,
@@ -12886,7 +12886,7 @@ mod tests {
.as_slice(),
),
0x0001_0001u32.into(),
- BigUint::from_bytes_le(
+ BoxedUint::from_le_slice_vartime(
[
129, 93, 123, 251, 104, 29, 84, 203, 116, 100, 75, 237, 111, 160, 12, 100, 172,
76, 57, 178, 144, 235, 81, 61, 115, 243, 28, 40, 183, 22, 56, 150, 68, 38, 220,
@@ -12907,7 +12907,7 @@ mod tests {
.as_slice(),
),
vec![
- BigUint::from_bytes_le(
+ BoxedUint::from_le_slice_vartime(
[
215, 199, 110, 28, 64, 16, 16, 109, 106, 152, 150, 124, 52, 166, 121, 92,
242, 13, 0, 69, 7, 152, 72, 172, 118, 63, 156, 180, 140, 39, 53, 29, 197,
@@ -12920,7 +12920,7 @@ mod tests {
]
.as_slice(),
),
- BigUint::from_bytes_le(
+ BoxedUint::from_le_slice_vartime(
[
233, 89, 204, 152, 31, 242, 8, 110, 38, 190, 111, 159, 105, 105, 45, 85,
15, 244, 30, 250, 174, 226, 219, 111, 107, 191, 196, 135, 17, 123, 186,
diff --git a/src/response/register/ser_relaxed.rs b/src/response/register/ser_relaxed.rs
@@ -446,13 +446,12 @@ mod tests {
use ed25519_dalek::{VerifyingKey, pkcs8::EncodePublicKey as _};
use ml_dsa::{MlDsa44, MlDsa65, MlDsa87, VerifyingKey as MlDsaVerKey};
use p256::{
- EncodedPoint as P256Pt, PublicKey as P256PubKey, SecretKey as P256Key,
- elliptic_curve::sec1::{FromEncodedPoint as _, ToEncodedPoint as _},
+ PublicKey as P256PubKey, Sec1Point as P256Pt, SecretKey as P256Key,
+ elliptic_curve::sec1::{FromSec1Point as _, ToSec1Point as _},
};
- use p384::{EncodedPoint as P384Pt, PublicKey as P384PubKey, SecretKey as P384Key};
- use pkcs8::EncodePublicKey as _;
+ use p384::{PublicKey as P384PubKey, Sec1Point as P384Pt, SecretKey as P384Key};
use rsa::{
- BigUint, RsaPrivateKey,
+ BoxedUint, RsaPrivateKey,
sha2::{Digest as _, Sha256},
traits::PublicKeyParts as _,
};
@@ -10357,7 +10356,7 @@ mod tests {
)
.unwrap()
.public_key();
- let enc_key = key.to_encoded_point(false);
+ let enc_key = key.to_sec1_point(false);
let pub_key = key.to_public_key_der().unwrap();
let att_obj_len = att_obj.len();
let x_start = att_obj_len - 67;
@@ -10478,7 +10477,7 @@ mod tests {
.unwrap(),
);
// `publicKey` mismatch.
- let bad_pub_key = P256PubKey::from_encoded_point(&P256Pt::from_affine_coordinates(
+ let bad_pub_key = P256PubKey::from_sec1_point(&P256Pt::from_affine_coordinates(
&[
66, 71, 188, 41, 125, 2, 226, 44, 148, 62, 63, 190, 172, 64, 33, 214, 6, 37, 148,
23, 240, 235, 203, 84, 112, 219, 232, 197, 54, 182, 17, 235,
@@ -10836,7 +10835,7 @@ mod tests {
)
.unwrap()
.public_key();
- let enc_key = key.to_encoded_point(false);
+ let enc_key = key.to_sec1_point(false);
let pub_key = key.to_public_key_der().unwrap();
let att_obj_len = att_obj.len();
let x_start = att_obj_len - 99;
@@ -10957,7 +10956,7 @@ mod tests {
.unwrap(),
);
// `publicKey` mismatch.
- let bad_pub_key = P384PubKey::from_encoded_point(&P384Pt::from_affine_coordinates(
+ let bad_pub_key = P384PubKey::from_sec1_point(&P384Pt::from_affine_coordinates(
&[
192, 10, 27, 46, 66, 67, 80, 98, 33, 230, 156, 95, 1, 135, 150, 110, 64, 243, 22,
118, 5, 255, 107, 44, 234, 111, 217, 105, 125, 114, 39, 7, 126, 2, 191, 111, 48,
@@ -11558,7 +11557,7 @@ mod tests {
24, 245, 127, 122, 247, 152, 212, 75, 45, 59, 90, 184, 234, 31, 147, 36, 8, 212, 45,
50, 23, 3, 25, 253, 87, 227, 79, 119, 161,
];
- let p = BigUint::from_bytes_le(
+ let p = BoxedUint::from_le_slice_vartime(
[
215, 166, 5, 21, 11, 179, 41, 77, 198, 92, 165, 48, 77, 162, 42, 41, 206, 141, 60,
69, 47, 164, 19, 92, 46, 72, 100, 238, 100, 53, 214, 197, 163, 185, 6, 140, 229,
@@ -11571,7 +11570,7 @@ mod tests {
]
.as_slice(),
);
- let p_2 = BigUint::from_bytes_le(
+ let p_2 = BoxedUint::from_le_slice_vartime(
[
41, 25, 198, 240, 134, 206, 121, 57, 11, 5, 134, 192, 212, 77, 229, 197, 14, 78,
85, 212, 190, 114, 179, 188, 21, 171, 174, 12, 104, 74, 15, 164, 136, 173, 62, 177,
@@ -11585,9 +11584,9 @@ mod tests {
.as_slice(),
);
let key = RsaPrivateKey::from_components(
- BigUint::from_bytes_le(n.as_slice()),
+ BoxedUint::from_le_slice_vartime(n.as_slice()),
e.into(),
- BigUint::from_bytes_le(d.as_slice()),
+ BoxedUint::from_le_slice_vartime(d.as_slice()),
vec![p, p_2],
)
.unwrap()
@@ -11596,7 +11595,7 @@ mod tests {
let att_obj_len = att_obj.len();
let n_start = att_obj_len - 261;
let e_start = n_start + 256;
- att_obj[n_start..e_start].copy_from_slice(key.n().to_bytes_be().as_slice());
+ att_obj[n_start..e_start].copy_from_slice(key.n().to_be_bytes().as_ref());
let b64_cdata_json = base64url_nopad::encode(c_data_json.as_bytes());
let b64_adata = base64url_nopad::encode(&att_obj[att_obj_len - 343..]);
let b64_key = base64url_nopad::encode(pub_key.as_bytes());
@@ -11711,7 +11710,7 @@ mod tests {
);
// `publicKey` mismatch.
let bad_pub_key = RsaPrivateKey::from_components(
- BigUint::from_bytes_le(
+ BoxedUint::from_le_slice_vartime(
[
175, 161, 161, 75, 52, 244, 72, 168, 29, 119, 33, 120, 3, 222, 231, 152, 222,
119, 112, 83, 221, 237, 74, 174, 79, 216, 147, 251, 245, 94, 234, 114, 254, 21,
@@ -11732,7 +11731,7 @@ mod tests {
.as_slice(),
),
0x0001_0001u32.into(),
- BigUint::from_bytes_le(
+ BoxedUint::from_le_slice_vartime(
[
129, 93, 123, 251, 104, 29, 84, 203, 116, 100, 75, 237, 111, 160, 12, 100, 172,
76, 57, 178, 144, 235, 81, 61, 115, 243, 28, 40, 183, 22, 56, 150, 68, 38, 220,
@@ -11753,7 +11752,7 @@ mod tests {
.as_slice(),
),
vec![
- BigUint::from_bytes_le(
+ BoxedUint::from_le_slice_vartime(
[
215, 199, 110, 28, 64, 16, 16, 109, 106, 152, 150, 124, 52, 166, 121, 92,
242, 13, 0, 69, 7, 152, 72, 172, 118, 63, 156, 180, 140, 39, 53, 29, 197,
@@ -11766,7 +11765,7 @@ mod tests {
]
.as_slice(),
),
- BigUint::from_bytes_le(
+ BoxedUint::from_le_slice_vartime(
[
233, 89, 204, 152, 31, 242, 8, 110, 38, 190, 111, 159, 105, 105, 45, 85,
15, 244, 30, 250, 174, 226, 219, 111, 107, 191, 196, 135, 17, 123, 186,