From 6002db37ae804302b41637caa321036d04379af8 Mon Sep 17 00:00:00 2001 From: Hatter Jiang Date: Sat, 6 Jul 2024 21:46:14 +0800 Subject: [PATCH] feat: update pkcs11 piv --- Cargo.lock | 53 -------------------------------- native-pkcs11-piv/Cargo.toml | 5 --- native-pkcs11-piv/src/piv/key.rs | 9 +++--- native-pkcs11-piv/src/piv/mod.rs | 3 -- 4 files changed, 5 insertions(+), 65 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index f16f674..4c54bf0 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -133,22 +133,6 @@ version = "0.9.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" -[[package]] -name = "core-foundation" -version = "0.9.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "91e195e091a93c46f7102ec7818a2aa394e1e1771c3ab4825963fa03e45afb8f" -dependencies = [ - "core-foundation-sys", - "libc", -] - -[[package]] -name = "core-foundation-sys" -version = "0.8.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "06ea2b9bc92be3c2baa9334a323ebca2d6f074ff852cd1d7b11064035cd3868f" - [[package]] name = "cpufeatures" version = "0.2.12" @@ -516,13 +500,10 @@ dependencies = [ name = "native-pkcs11-piv" version = "0.2.18" dependencies = [ - "core-foundation", "native-pkcs11-traits", "p256", "rand", "rsa", - "security-framework", - "security-framework-sys", "serial_test", "spki", "thiserror", @@ -561,16 +542,6 @@ dependencies = [ "winapi", ] -[[package]] -name = "num-bigint" -version = "0.4.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a5e44f723f1133c9deac646763579fdb3ac745e418f2a7af9cd0c431da1f20b9" -dependencies = [ - "num-integer", - "num-traits", -] - [[package]] name = "num-bigint-dig" version = "0.8.4" 
@@ -982,30 +953,6 @@ dependencies = [ "zeroize", ] -[[package]] -name = "security-framework" -version = "2.11.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c627723fd09706bacdb5cf41499e95098555af3c3c29d014dc3c458ef6be11c0" -dependencies = [ - "bitflags 2.5.0", - "core-foundation", - "core-foundation-sys", - "libc", - "num-bigint", - "security-framework-sys", -] - -[[package]] -name = "security-framework-sys" -version = "2.11.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "317936bbbd05227752583946b9e66d7ce3b489f84e11a94a510b4437fef407d7" -dependencies = [ - "core-foundation-sys", - "libc", -] - [[package]] name = "serde" version = "1.0.203" diff --git a/native-pkcs11-piv/Cargo.toml b/native-pkcs11-piv/Cargo.toml index 4b2ff37..2834513 100644 --- a/native-pkcs11-piv/Cargo.toml +++ b/native-pkcs11-piv/Cargo.toml @@ -28,8 +28,3 @@ yubikey = { version = "0.8.0", features = ["untested"] } [dev-dependencies] serial_test = { version = "3.1.1", default-features = false } - -[target.'cfg(target_os="macos")'.dependencies] -core-foundation = { version = "0.9.4", features = ["mac_os_10_8_features"] } -security-framework = { version = "2.11.0", features = ["OSX_10_15"] } -security-framework-sys = { version = "2.11.0", features = ["OSX_10_15"] } diff --git a/native-pkcs11-piv/src/piv/key.rs b/native-pkcs11-piv/src/piv/key.rs index 26671c9..4570a11 100644 --- a/native-pkcs11-piv/src/piv/key.rs +++ b/native-pkcs11-piv/src/piv/key.rs @@ -14,7 +14,6 @@ use std::fmt::Debug; -use security_framework::key::SecKey; use tracing::instrument; use native_pkcs11_traits::{Backend, KeyAlgorithm, PrivateKey, PublicKey, SignatureAlgorithm}; @@ -28,7 +27,7 @@ pub enum Algorithm { #[derive(Debug)] pub struct YubikeyPivPrivateKey { - sec_key: SecKey, + // sec_key: SecKey, label: String, public_key_hash: Vec, algorithm: KeyAlgorithm, 
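Review bot: The `sec_key` field of `YubikeyPivPrivateKey` is commented out (`// sec_key: SecKey,`) rather than removed, and the `@@ -99,13 +98,14 @@` hunk does the same in `YubikeyPivPublicKey`. Both comments name a type whose import this commit deletes, so they can never be re-enabled as written. I would delete both lines and, if a marker is wanted, say what is meant to replace the handle, for example `// TODO: reference to the on-device key that replaces the former SecKey handle`. The fields visible after the change are only the label, the public key hash and the algorithm, so how a signing call finds the key material is not shown here. The struct body continues past the end of the hunk.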
@@ -99,13 +98,14 @@ impl PrivateKey for YubikeyPivPrivateKey { &self, _backend: &dyn Backend, ) -> P11Result>> { + // TODO ... Ok(None) } } #[derive(Debug, Clone)] pub struct YubikeyPivPublicKey { - pub sec_key: SecKey, + // pub sec_key: SecKey, pub label: String, der: Vec, public_key_hash: Vec, @@ -157,11 +157,12 @@ impl PublicKey for YubikeyPivPublicKey { // if !result { // return Err("verify failed")?; // } + // TODO ... Ok(()) } fn delete(self: Box) { - let _ = self.sec_key.delete(); + // yubikey-piv-pkcs11 just cannot delete public key } fn algorithm(&self) -> KeyAlgorithm { diff --git a/native-pkcs11-piv/src/piv/mod.rs b/native-pkcs11-piv/src/piv/mod.rs index 821769e..0e9687b 100644 --- a/native-pkcs11-piv/src/piv/mod.rs +++ b/native-pkcs11-piv/src/piv/mod.rs @@ -64,9 +64,6 @@ pub enum ErrorKind { #[error("{0}")] Der(#[from] x509_cert::der::Error), - #[error("{0}")] - SecurityFramework(#[from] security_framework::base::Error), - #[error("{0}")] Spki(#[from] x509_cert::spki::Error),
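Review bot: The added `// TODO ...` above `Ok(None)` does not say what is missing. The method always returns `Ok(None)`, so a caller cannot tell "no public key exists for this private key" from "lookup is not implemented". I would replace the placeholder with `// TODO: public-key lookup is not implemented; this always reports that no matching key was found`. The method's name and the start of its signature lie above the hunk, so the wording should be checked against the trait's documented contract.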
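Review bot: In the `@@ -157,11 +157,12 @@` hunk, the method of `impl PublicKey for YubikeyPivPublicKey` that ends in `Ok(())` fails open. The only check visible is commented out, and this commit adds just `// TODO ...`, so every call reports success; from the commented-out `Err("verify failed")?` this is presumably signature verification. A stub on that path should fail closed until the real check exists. For example, replace the two lines with `return Err("verify not implemented")?;`, the form the commented-out code already uses, assuming that string-to-error conversion still compiles in this crate. The method's signature and the start of its body are above the hunk, so confirm that nothing earlier already returns on failure.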