feat: update native-pkcs11-piv

2024-07-06 19:29:38 +08:00
parent d8a2309b95
commit a77e6ff44e
3 changed files with 67 additions and 54 deletions
--- a/native-pkcs11-piv/src/piv/key.rs
+++ b/native-pkcs11-piv/src/piv/key.rs
@@ -12,8 +12,9 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.

+use std::fmt::Debug;
+
 use core_foundation::base::ToVoid;
-use native_pkcs11_traits::{KeyAlgorithm, PrivateKey, PublicKey, SignatureAlgorithm};
 use security_framework::{
    item::{ItemClass, KeyClass, Limit, Reference},
    key::SecKey,
@@ -25,9 +26,12 @@ use security_framework_sys::item::{
    kSecAttrKeyTypeRSA,
    kSecAttrTokenID,
 };
-use std::fmt::Debug;
 use tracing::instrument;

+use native_pkcs11_traits::{KeyAlgorithm, PrivateKey, PublicKey, SignatureAlgorithm};
+use native_pkcs11_traits::DigestType as P11DigestType;
+use native_pkcs11_traits::Result as P11Result;
+
 use crate::Result;

 #[derive(Debug)]
@@ -41,22 +45,22 @@ fn sigalg_to_seckeyalg(
 ) -> Result<security_framework_sys::key::Algorithm> {
    use security_framework_sys::key::Algorithm::*;
    let alg = match signature_algorithm {
-        native_pkcs11_traits::SignatureAlgorithm::Ecdsa => ECDSASignatureRFC4754,
-        native_pkcs11_traits::SignatureAlgorithm::RsaRaw => RSASignatureRaw,
-        native_pkcs11_traits::SignatureAlgorithm::RsaPkcs1v15Raw => RSASignatureDigestPKCS1v15Raw,
-        native_pkcs11_traits::SignatureAlgorithm::RsaPkcs1v15Sha1 => {
+        SignatureAlgorithm::Ecdsa => ECDSASignatureRFC4754,
+        SignatureAlgorithm::RsaRaw => RSASignatureRaw,
+        SignatureAlgorithm::RsaPkcs1v15Raw => RSASignatureDigestPKCS1v15Raw,
+        SignatureAlgorithm::RsaPkcs1v15Sha1 => {
            RSASignatureMessagePKCS1v15SHA1
        }
-        native_pkcs11_traits::SignatureAlgorithm::RsaPkcs1v15Sha384 => {
+        SignatureAlgorithm::RsaPkcs1v15Sha384 => {
            RSASignatureMessagePKCS1v15SHA384
        }
-        native_pkcs11_traits::SignatureAlgorithm::RsaPkcs1v15Sha256 => {
+        SignatureAlgorithm::RsaPkcs1v15Sha256 => {
            RSASignatureMessagePKCS1v15SHA256
        }
-        native_pkcs11_traits::SignatureAlgorithm::RsaPkcs1v15Sha512 => {
+        SignatureAlgorithm::RsaPkcs1v15Sha512 => {
            RSASignatureMessagePKCS1v15SHA512
        }
-        native_pkcs11_traits::SignatureAlgorithm::RsaPss {
+        SignatureAlgorithm::RsaPss {
            digest,
            mask_generation_function,
            salt_length,
@@ -69,11 +73,11 @@ fn sigalg_to_seckeyalg(
                    .into());
            }
            match mask_generation_function {
-                native_pkcs11_traits::DigestType::Sha1 => RSASignatureDigestPSSSHA1,
-                native_pkcs11_traits::DigestType::Sha224 => RSASignatureDigestPSSSHA224,
-                native_pkcs11_traits::DigestType::Sha256 => RSASignatureDigestPSSSHA256,
-                native_pkcs11_traits::DigestType::Sha384 => RSASignatureDigestPSSSHA384,
-                native_pkcs11_traits::DigestType::Sha512 => RSASignatureDigestPSSSHA512,
+                P11DigestType::Sha1 => RSASignatureDigestPSSSHA1,
+                P11DigestType::Sha224 => RSASignatureDigestPSSSHA224,
+                P11DigestType::Sha256 => RSASignatureDigestPSSSHA256,
+                P11DigestType::Sha384 => RSASignatureDigestPSSSHA384,
+                P11DigestType::Sha512 => RSASignatureDigestPSSSHA512,
            }
        }
    };
@@ -122,9 +126,9 @@ impl PrivateKey for YubikeyPivPrivateKey {
    #[instrument]
    fn sign(
        &self,
-        algorithm: &native_pkcs11_traits::SignatureAlgorithm,
+        algorithm: &SignatureAlgorithm,
        data: &[u8],
-    ) -> native_pkcs11_traits::Result<Vec<u8>> {
+    ) -> P11Result<Vec<u8>> {
        let algorithm = sigalg_to_seckeyalg(algorithm)?;
        Ok(self.sec_key.create_signature(algorithm, data.as_ref())?)
    }
@@ -141,7 +145,7 @@ impl PrivateKey for YubikeyPivPrivateKey {
    fn find_public_key(
        &self,
        _backend: &dyn native_pkcs11_traits::Backend,
-    ) -> native_pkcs11_traits::Result<Option<Box<dyn PublicKey>>> {
+    ) -> P11Result<Option<Box<dyn PublicKey>>> {
        let sec_copy = self
            .sec_key
            .public_key()
@@ -229,7 +233,7 @@ impl PublicKey for YubikeyPivPublicKey {
        algorithm: &native_pkcs11_traits::SignatureAlgorithm,
        data: &[u8],
        signature: &[u8],
-    ) -> native_pkcs11_traits::Result<()> {
+    ) -> P11Result<()> {
        let algorithm = sigalg_to_seckeyalg(algorithm)?;
        let result = self.sec_key.verify_signature(algorithm, data, signature)?;
        if !result {