chore(deps): massive update of crypto libraries

Update to the latest version of a bunch of crypto libraries. These
libraries, especially the ones that belong to RustCrypto, have to be
updated at the same time.

There have been a lot of API changes and deprecation warnigns, which needed
quite some adaptation of our codebase.

This fixes the following issues: sigstore#267, sigstore#266, sigstore#265, sigstore#248, sigstore#236, sigstore#234, sigstore#233, sigstore#230

Signed-off-by: Flavio Castelli <fcastelli@suse.com>

Cargo.toml

@@ -73,28 +73,29 @@ cached = { version = "0.42.0", optional = true }
 cfg-if = "1.0.0"
 chrono = { version = "0.4.23" }
 const-oid = "0.9.1"
+# TODO: consume via x509-cert?
 der = "0.7.5"
 digest = { version = "0.10.3", default-features = false }
-ecdsa = { version = "0.15", features = ["pkcs8", "digest", "der"] }
+ecdsa = { version = "0.16.7", features = ["pkcs8", "digest", "der", "signing"] }
 ed25519 = { version = "2.2.1", features = ["alloc"] }
 ed25519-dalek = { version = "2.0.0-rc.2", features = ["pkcs8", "rand_core"] }
-elliptic-curve = { version = "0.12.2", features = ["arithmetic", "pem"] }
+elliptic-curve = { version = "0.13.5", features = ["arithmetic", "pem"] }
 lazy_static = "1.4.0"
 oci-distribution = { version = "0.9", default-features = false, optional = true }
 olpc-cjson = "0.1"
 openidconnect = { version = "2.3", default-features = false, features = [
   "reqwest",
 ], optional = true }
-p256 = "0.12"
-p384 = "0.12"
+p256 = "0.13.2"
+p384 = "0.13"
 webbrowser = "0.8.4"
 pem = "1.0.2"
 picky = { version = "7.0.0-rc.5", default-features = false, features = [
   "x509",
   "ec",
 ] }
 pkcs1 = { version = "0.7.5", features = ["std"] }
-pkcs8 = { version = "0.9.0", features = [
+pkcs8 = { version = "0.10.2", features = [
   "pem",
   "alloc",
   "pkcs5",
@@ -107,19 +108,20 @@ reqwest = { version = "0.11", default-features = false, features = [
   "json",
   "multipart",
 ], optional = true }
-rsa = "0.8.2"
+rsa = "0.9.2"
 scrypt = "0.11.0"
 serde = { version = "1.0.136", features = ["derive"] }
 serde_json = "1.0.79"
 sha2 = { version = "0.10.6", features = ["oid"] }
 signature = { version = "2.0" }
+# TODO: consume via x509-cert?
 spki = { version = "0.7.2", features = ["pem", "std"] }
 thiserror = "1.0.30"
 tokio = { version = "1.17.0", features = ["rt"] }
 tough = { version = "0.13", features = ["http"], optional = true }
 tracing = "0.1.31"
 url = "2.2.2"
-x509-cert = { version = "0.1.1", features = ["pem", "std"] }
+x509-cert = { version = "0.2.2", features = ["pem", "std"] }
 crypto_secretbox = "0.1.1"
 zeroize = "1.5.7"
 

src/cosign/signature_layers.rs

@@ -16,11 +16,11 @@
 use const_oid::ObjectIdentifier;
 use digest::Digest;
 use oci_distribution::client::ImageLayer;
-use pkcs8::der::Decode;
 use serde::Serialize;
 use std::convert::TryFrom;
 use std::{collections::HashMap, fmt};
 use tracing::{debug, info, warn};
+use x509_cert::der::DecodePem;
 use x509_cert::ext::pkix::name::GeneralName;
 use x509_cert::ext::pkix::SubjectAltName;
 use x509_cert::Certificate;
@@ -433,9 +433,8 @@ impl CertificateSignature {
         fulcio_cert_pool: &CertificatePool,
         trusted_bundle: &Bundle,
     ) -> Result<Self> {
-        let pem = pem::parse(cert_raw)?;
-        let cert = Certificate::from_der(&pem.contents)
-            .map_err(|e| SigstoreError::X509Error(format!("parse from der: {e}")))?;
+        let cert = Certificate::from_pem(&cert_raw)
+            .map_err(|e| SigstoreError::X509Error(format!("parse from pem: {e}")))?;
         let integrated_time = trusted_bundle.payload.integrated_time;
 
         // ensure the certificate has been issued by Fulcio
@@ -445,7 +444,12 @@ impl CertificateSignature {
 
         let subject = CertificateSubject::from_certificate(&cert)?;
         let verification_key =
-            CosignVerificationKey::try_from(&cert.tbs_certificate.subject_public_key_info)?;
+            CosignVerificationKey::try_from(&cert.tbs_certificate.subject_public_key_info)
+                .map_err(|e| {
+                    SigstoreError::X509Error(format!(
+                        "cannot extract public key from certificate: {e}"
+                    ))
+                })?;
 
         let issuer = get_cert_extension_by_oid(&cert, SIGSTORE_ISSUER_OID, "Issuer")?;
 
@@ -506,7 +510,7 @@ fn get_cert_extension_by_oid(
         .iter()
         .find(|ext| ext.extn_id == ext_oid)
         .map(|ext| {
-            String::from_utf8(ext.extn_value.to_vec()).map_err(|_| {
+            String::from_utf8(ext.extn_value.clone().into_bytes()).map_err(|_| {
                 SigstoreError::X509Error(format!(
                     "Certificate's extension Sigstore {ext_oid_name} is not UTF8 compatible"
                 ))

src/crypto/signing_key/ecdsa/ec.rs

@@ -73,18 +73,20 @@ use digest::{
     },
     Digest, FixedOutput, FixedOutputReset,
 };
-use ecdsa::{hazmat::SignPrimitive, PrimeCurve, SignatureSize, SigningKey};
+use ecdsa::{
+    hazmat::{DigestPrimitive, SignPrimitive},
+    PrimeCurve, SignatureSize, SigningKey,
+};
 use elliptic_curve::{
     bigint::ArrayEncoding,
     generic_array::ArrayLength,
     ops::{Invert, Reduce},
     sec1::{FromEncodedPoint, ModulusSize, ToEncodedPoint},
     subtle::CtOption,
     zeroize::Zeroizing,
-    AffineArithmetic, AffinePoint, Curve, FieldSize, ProjectiveArithmetic, PublicKey, Scalar,
-    SecretKey,
+    AffinePoint, Curve, CurveArithmetic, FieldBytesSize, PublicKey, Scalar, SecretKey,
 };
-use pkcs8::{der::Encode, AssociatedOid, DecodePrivateKey, EncodePrivateKey, EncodePublicKey};
+use pkcs8::{AssociatedOid, DecodePrivateKey, EncodePrivateKey, EncodePublicKey};
 use signature::DigestSigner;
 
 use crate::{
@@ -110,25 +112,25 @@ use super::ECDSAKeys;
 #[derive(Clone, Debug)]
 pub struct EcdsaKeys<C>
 where
-    C: Curve + ProjectiveArithmetic + pkcs8::AssociatedOid,
+    C: Curve + CurveArithmetic + pkcs8::AssociatedOid,
 {
     ec_seckey: SecretKey<C>,
     public_key: PublicKey<C>,
 }
 
 impl<C> EcdsaKeys<C>
 where
-    C: Curve + AssociatedOid + ProjectiveArithmetic + PrimeCurve,
+    C: Curve + AssociatedOid + CurveArithmetic + PrimeCurve,
     AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
-    FieldSize<C>: ModulusSize,
+    FieldBytesSize<C>: ModulusSize,
 {
     /// Create a new `EcdsaKeys` Object, the generic parameter indicates
     /// the elliptic curve. Please refer to
     /// <https://github.com/RustCrypto/elliptic-curves#crates> for curves.
     /// The secret key (private key) will be randomly
     /// generated.
     pub fn new() -> Result<Self> {
-        let ec_seckey: SecretKey<C> = SecretKey::random(rand::rngs::OsRng);
+        let ec_seckey: SecretKey<C> = SecretKey::random(&mut rand::rngs::OsRng);
 
         let public_key = ec_seckey.public_key();
         Ok(EcdsaKeys {
@@ -207,9 +209,9 @@ where
 
 impl<C> KeyPair for EcdsaKeys<C>
 where
-    C: Curve + AssociatedOid + ProjectiveArithmetic + PrimeCurve,
+    C: Curve + AssociatedOid + CurveArithmetic + PrimeCurve,
     AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
-    FieldSize<C>: ModulusSize,
+    FieldBytesSize<C>: ModulusSize,
 {
     /// Return the public key in PEM-encoded SPKI format.
     fn public_key_to_pem(&self) -> Result<String> {
@@ -249,9 +251,7 @@ where
         let pem = match password.len() {
             0 => pem::Pem {
                 tag: PRIVATE_KEY_PEM_LABEL.to_string(),
-                contents: der
-                    .to_vec()
-                    .map_err(|e| SigstoreError::PKCS8DerError(e.to_string()))?,
+                contents: der.to_vec(),
             },
             _ => pem::Pem {
                 tag: SIGSTORE_PRIVATE_KEY_PEM_LABEL.to_string(),
@@ -285,11 +285,11 @@ where
 #[derive(Clone, Debug)]
 pub struct EcdsaSigner<C, D>
 where
-    C: PrimeCurve + ProjectiveArithmetic + AssociatedOid,
-    Scalar<C>: Invert<Output = CtOption<Scalar<C>>> + Reduce<C::UInt> + SignPrimitive<C>,
-    C::UInt: for<'a> From<&'a Scalar<C>>,
+    C: PrimeCurve + CurveArithmetic + AssociatedOid,
+    Scalar<C>: Invert<Output = CtOption<Scalar<C>>> + Reduce<C::Uint> + SignPrimitive<C>,
+    C::Uint: for<'a> From<&'a Scalar<C>>,
     SignatureSize<C>: ArrayLength<u8>,
-    D: Digest + BlockSizeUser + FixedOutput<OutputSize = FieldSize<C>> + FixedOutputReset,
+    D: Digest + BlockSizeUser + FixedOutput<OutputSize = FieldBytesSize<C>> + FixedOutputReset,
 {
     signing_key: SigningKey<C>,
     ecdsa_keys: EcdsaKeys<C>,
@@ -298,13 +298,13 @@ where
 
 impl<C, D> EcdsaSigner<C, D>
 where
-    C: PrimeCurve + ProjectiveArithmetic + AssociatedOid,
-    Scalar<C>: Invert<Output = CtOption<Scalar<C>>> + Reduce<C::UInt> + SignPrimitive<C>,
+    C: PrimeCurve + CurveArithmetic + AssociatedOid,
+    Scalar<C>: Invert<Output = CtOption<Scalar<C>>> + Reduce<C::Uint> + SignPrimitive<C>,
     AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
-    FieldSize<C>: ModulusSize,
-    C::UInt: for<'a> From<&'a Scalar<C>>,
+    FieldBytesSize<C>: ModulusSize,
+    C::Uint: for<'a> From<&'a Scalar<C>>,
     SignatureSize<C>: ArrayLength<u8>,
-    D: Digest + BlockSizeUser + FixedOutput<OutputSize = FieldSize<C>> + FixedOutputReset,
+    D: Digest + BlockSizeUser + FixedOutput<OutputSize = FieldBytesSize<C>> + FixedOutputReset,
 {
     /// Create a new `EcdsaSigner` from the given `EcdsaKeys` and `SignatureDigestAlgorithm`
     pub fn from_ecdsa_keys(ecdsa_keys: &EcdsaKeys<C>) -> Result<Self> {
@@ -332,20 +332,21 @@ where
 
 impl<C, D> Signer for EcdsaSigner<C, D>
 where
-    C: PrimeCurve + ProjectiveArithmetic + AssociatedOid,
-    Scalar<C>: Invert<Output = CtOption<Scalar<C>>> + Reduce<C::UInt> + SignPrimitive<C>,
+    C: PrimeCurve + CurveArithmetic + AssociatedOid + DigestPrimitive,
+    Scalar<C>: Invert<Output = CtOption<Scalar<C>>> + Reduce<C::Uint> + SignPrimitive<C>,
     SigningKey<C>: ecdsa::signature::Signer<ecdsa::Signature<C>>,
-    C::UInt: for<'a> From<&'a Scalar<C>>,
-    <<<C as Curve>::UInt as ArrayEncoding>::ByteSize as Add>::Output:
+    C::Uint: for<'a> From<&'a Scalar<C>>,
+    <<C as Curve>::FieldBytesSize as Add>::Output:
         Add<UInt<UInt<UInt<UInt<UTerm, B1>, B0>, B0>, B1>>,
-    <<<<C as Curve>::UInt as ArrayEncoding>::ByteSize as Add>::Output as Add<
+    <<<C as Curve>::FieldBytesSize as Add>::Output as Add<
         UInt<UInt<UInt<UInt<UTerm, B1>, B0>, B0>, B1>,
     >>::Output: ArrayLength<u8>,
     SignatureSize<C>: ArrayLength<u8>,
-    <<C as Curve>::UInt as ArrayEncoding>::ByteSize: ModulusSize,
-    <C as AffineArithmetic>::AffinePoint: ToEncodedPoint<C>,
-    <C as AffineArithmetic>::AffinePoint: FromEncodedPoint<C>,
-    D: Digest + BlockSizeUser + FixedOutput<OutputSize = FieldSize<C>> + FixedOutputReset,
+    <<C as Curve>::Uint as ArrayEncoding>::ByteSize: ModulusSize,
+    <C as Curve>::FieldBytesSize: ModulusSize,
+    <C as CurveArithmetic>::AffinePoint: ToEncodedPoint<C>,
+    <C as CurveArithmetic>::AffinePoint: FromEncodedPoint<C>,
+    D: Digest + BlockSizeUser + FixedOutput<OutputSize = FieldBytesSize<C>> + FixedOutputReset,
 {
     /// Sign the given message, and generate a signature.
     /// The message will firstly be hashed with the given
@@ -356,9 +357,9 @@ where
     fn sign(&self, msg: &[u8]) -> Result<Vec<u8>> {
         let mut hasher = D::new();
         digest::Digest::update(&mut hasher, msg);
-        let sig = self.signing_key.try_sign_digest(hasher)?.to_der();
+        let (sig, _recovery_id) = self.signing_key.try_sign_digest(hasher)?;
 
-        Ok(sig.as_bytes().to_vec())
+        Ok(sig.to_der().to_bytes().to_vec())
     }
 
     /// Return the ref to the keypair inside the signer

src/crypto/signing_key/rsa/keypair.rs

@@ -183,19 +183,19 @@ impl RSAKeys {
             PaddingScheme::PKCS1v15 => match digest_algorithm {
                 DigestAlgorithm::Sha256 => {
                     SigStoreSigner::RSA_PKCS1_SHA256(RSASigner::RSA_PKCS1_SHA256(
-                        SigningKey::<sha2::Sha256>::new_with_prefix(private_key),
+                        SigningKey::<sha2::Sha256>::new(private_key),
                         self.clone(),
                     ))
                 }
                 DigestAlgorithm::Sha384 => {
                     SigStoreSigner::RSA_PKCS1_SHA384(RSASigner::RSA_PKCS1_SHA384(
-                        SigningKey::<sha2::Sha384>::new_with_prefix(private_key),
+                        SigningKey::<sha2::Sha384>::new(private_key),
                         self.clone(),
                     ))
                 }
                 DigestAlgorithm::Sha512 => {
                     SigStoreSigner::RSA_PKCS1_SHA512(RSASigner::RSA_PKCS1_SHA512(
-                        SigningKey::<sha2::Sha512>::new_with_prefix(private_key),
+                        SigningKey::<sha2::Sha512>::new(private_key),
                         self.clone(),
                     ))
                 }

src/crypto/signing_key/rsa/mod.rs

@@ -141,15 +141,15 @@ impl RSASigner {
             },
             PaddingScheme::PKCS1v15 => match digest_algorithm {
                 DigestAlgorithm::Sha256 => RSASigner::RSA_PKCS1_SHA256(
-                    SigningKey::<sha2::Sha256>::new_with_prefix(private_key),
+                    SigningKey::<sha2::Sha256>::new(private_key),
                     rsa_keys.clone(),
                 ),
                 DigestAlgorithm::Sha384 => RSASigner::RSA_PKCS1_SHA384(
-                    SigningKey::<sha2::Sha384>::new_with_prefix(private_key),
+                    SigningKey::<sha2::Sha384>::new(private_key),
                     rsa_keys.clone(),
                 ),
                 DigestAlgorithm::Sha512 => RSASigner::RSA_PKCS1_SHA512(
-                    SigningKey::<sha2::Sha512>::new_with_prefix(private_key),
+                    SigningKey::<sha2::Sha512>::new(private_key),
                     rsa_keys.clone(),
                 ),
             },