diff --git a/Cargo.lock b/Cargo.lock index c0702408..a0a45c64 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -330,8 +330,7 @@ dependencies = [ [[package]] name = "nethsm-sdk-rs" version = "0.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "85cbc1d9e81b0c6373466fdf7fe22a96682b3ba7041e1081fbb7cb3317d835ba" +source = "git+https://github.com/Nitrokey/nethsm-sdk-rs.git?branch=update#bb40e2b947d3159ce0cddfca36c3b1370357c751" dependencies = [ "base64", "serde", diff --git a/Cargo.toml b/Cargo.toml index 559f55f6..cadb85ee 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -9,4 +9,7 @@ opt-level = 'z' # Optimize for size lto = true # Enable link-time optimization codegen-units = 1 # Reduce number of codegen units to increase optimizations panic = 'abort' # Abort on panic -strip = true # Strip symbols from binary \ No newline at end of file +strip = true # Strip symbols from binary + +[patch.crates-io] +nethsm-sdk-rs = { git = "https://github.com/Nitrokey/nethsm-sdk-rs.git", branch = "update" } diff --git a/pkcs11/src/backend/db/object.rs b/pkcs11/src/backend/db/object.rs index 71a90342..e8e8318f 100644 --- a/pkcs11/src/backend/db/object.rs +++ b/pkcs11/src/backend/db/object.rs @@ -170,9 +170,9 @@ struct KeyData { fn configure_rsa(key_data: &PublicKey) -> Result { let key_data = key_data - .key + .public .as_ref() - .ok_or(Error::KeyField("key".to_string()))?; + .ok_or(Error::KeyField("public".to_string()))?; let modulus = key_data .modulus @@ -211,9 +211,9 @@ fn configure_rsa(key_data: &PublicKey) -> Result { fn configure_ec(key_data: &PublicKey) -> Result { let ec_points = key_data - .key + .public .as_ref() - .ok_or(Error::KeyField("key".to_string()))? + .ok_or(Error::KeyField("public".to_string()))? .data .as_ref() .ok_or(Error::KeyField("data".to_string()))?; 
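Review bot: The new `[patch.crates-io]` entry tracks a moving `branch = "update"`, so the Cargo.lock pin to commit bb40e2b947d3159ce0cddfca36c3b1370357c751 is the only thing holding the SDK at a reviewed revision; any `cargo update` or lockfile regeneration will silently pull whatever that branch points to at the time. For the HSM client library this is a supply-chain boundary, so pin the patch itself: `nethsm-sdk-rs = { git = "https://github.com/Nitrokey/nethsm-sdk-rs.git", rev = "bb40e2b947d3159ce0cddfca36c3b1370357c751" }`. A one-line comment above the table naming the condition for removing it, e.g. `# TODO: drop once a nethsm-sdk-rs release after 0.5.0 ships the public/private key schema`, would help whoever cleans it up.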
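Review bot: The new `.ok_or(Error::KeyField("public".to_string()))` line allocates the error string on every call, including the success path; the lazy form `.ok_or_else(|| Error::KeyField("public".to_string()))` only builds it when the field is actually missing (clippy `or_fun_call`). The same pattern is introduced by the `configure_ec` hunk below, so both new lines should change together. Both hunks are the tops of `configure_rsa` and `configure_ec`, whose bodies continue outside the hunks.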
@@ -418,11 +418,11 @@ pub fn from_key_data( } pub fn from_cert_data( - cert: String, + cert: Vec, key_id: &str, raw_id: Option>, ) -> Result { - let cert = x509_cert::Certificate::from_pem(cert.as_bytes()).map_err(Error::Der)?; + let cert = x509_cert::Certificate::from_pem(cert).map_err(Error::Der)?; let mut cert_der = Vec::new(); cert.encode_to_vec(&mut cert_der).map_err(Error::Der)?; diff --git a/pkcs11/src/backend/key.rs b/pkcs11/src/backend/key.rs index 47a300de..6a35b37a 100644 --- a/pkcs11/src/backend/key.rs +++ b/pkcs11/src/backend/key.rs @@ -185,13 +185,7 @@ fn upload_certificate( let key_id = id.as_str(); login_ctx.try_( - |api_config| { - default_api::keys_key_id_cert_put( - &api_config, - key_id, - default_api::KeysKeyIdCertPutBody::ApplicationXPemFile(body), - ) - }, + |api_config| default_api::keys_key_id_cert_put(&api_config, key_id, body.into_bytes()), login::UserMode::Administrator, )?; @@ -319,9 +313,9 @@ pub fn create_key_from_template( } let private_key = PrivateKey { - mechanisms: mechanisms.clone(), + mechanisms, r#type, - key, + private: key, restrictions: None, }; @@ -333,8 +327,6 @@ pub fn create_key_from_template( &api_config, key_id, default_api::KeysKeyIdPutBody::ApplicationJson(private_key), - Some(mechanisms), - None, ) }, login::UserMode::Administrator, @@ -349,8 +341,6 @@ pub fn create_key_from_template( default_api::keys_post( &api_config, default_api::KeysPostBody::ApplicationJson(private_key), - Some(mechanisms), - None, ) }, login::UserMode::Administrator, @@ -524,13 +514,7 @@ pub fn fetch_certificate( } let cert_data = login_ctx.try_( - |api_config| { - default_api::keys_key_id_cert_get( - &api_config, - key_id, - default_api::KeysKeyIdCertGetAccept::ApplicationXPemFile, - ) - }, + |api_config| default_api::keys_key_id_cert_get(&api_config, key_id), super::login::UserMode::OperatorOrAdministrator, )?; 
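Review bot: `from_cert_data` now takes `cert` by value (the element type is stripped in this rendering, presumably `Vec<u8>`) but only reads it through `Certificate::from_pem`, which accepts any `AsRef<[u8]>`; unless a caller needs to hand off ownership, `cert: &[u8]` lets callers keep their buffer for a pure read. Since the parameter changed from a PEM `String` to bytes, a doc line on the signature would record the expected encoding: `/// cert: the PEM-encoded certificate as raw bytes.`. The rest of the function continues outside the hunk.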
@@ -566,7 +550,7 @@ pub fn fetch_loop( kind: Option, ) { while let Some(key) = keys.lock().unwrap().pop() { - let key_id = key.key.clone(); + let key_id = key.id.clone(); if matches!( kind, diff --git a/tools/create_web_key.sh b/tools/create_web_key.sh index 5f673cca..f79cf7f6 100755 --- a/tools/create_web_key.sh +++ b/tools/create_web_key.sh @@ -14,7 +14,7 @@ curl -k -i --fail-with-body -w '\n' -u admin:Administrator -X PUT \ "RSA_Signature_PSS_SHA256", "RSA_Signature_PSS_SHA384", "RSA_Signature_PSS_SHA512" ], "type": "RSA", - "key": { + "private": { "publicExponent": "AQAB", "primeP": "AOedR8mKUVN2jLE60cbESw+o88d2f19oyAjNLUtnLgYnBIKva10JYDRHa/EXqiStx+cDTNvd5xBVPXFrt56sdpHgW1rL9BkcXX5Z75eNQwCEZOxrHp7uSkefr3we7KCTEvFMnA8tp4tnA5y7J+anlgz5oucmS91JS8O8l/UGGk0Sx52N7aRjEVI8Rbm8Mz91jPPuHevvYy0uqkEwI2nxVTlNadmCrJi3DJ/xVm/8bUTCixBcs9LurDfUI70llz9XqHX/AfOOBc8giIAS8PUDa6djKMbKtKR2OurAdHLFMvUWEMEpUwjS+CyFkv+LtXCnl2J0KqKGDW5DYZOMuYSo71s=", "primeQ": "ANAOJHTHgQNr+VWf35WoVYKR6r3fZDy5mtfDlj3i0YRdU7PReanwesNcDiHc1a5nkmVUOpmzG9VmI6vWX2+VEAbW4nukqKsljrla1VZ7RtYsmeoat5vSKwiL1P2fDqjX8xKM1Q94z4wMoXjfuuRbimoOa9uuGpTfKEJolXF0Z6YFUdQWnosOY3GIOQNvVNGYwtczTj2ykVbF3rFepVOhMgvUPKEN0foXAI1yXQECf3nrEHZmNS1IX6m0pqKOdc9xrRZn6Je1E9CLkp52pCkPxWJ0Swep1uk8Lc5MnSo1NmnahVBra8rozvSEEh4p8GVDRsDivzfJYTMEuJS+8pUShCs=" diff --git a/tools/tests/decrypt_aes.sh b/tools/tests/decrypt_aes.sh index 6a2cc244..bae2cecb 100755 --- a/tools/tests/decrypt_aes.sh +++ b/tools/tests/decrypt_aes.sh @@ -27,7 +27,7 @@ curl -k -i --fail-with-body -w '\n' -u admin:Administrator -X PUT \ "AES_Decryption_CBC" ], "type": "Generic", - "key": { + "private": { "data": "'$B64'" } }' @@ -46,4 +46,4 @@ pkcs11-tool --module ./target/debug/libnethsm_pkcs11.so -v --decrypt \ --iv $IV --output-file _data.decrypt diff _input _data.decrypt - \ No newline at end of file + diff --git a/tools/tests/delete_key_certificate.sh b/tools/tests/delete_key_certificate.sh index fb658574..9f289b2a 100755 --- a/tools/tests/delete_key_certificate.sh 
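Review bot: `let key_id = key.id.clone();` clones a field of a `key` the loop already owns, since it was just popped from the vector; if `key` is not used again in the body, `let key_id = key.id;` avoids the allocation, and if it is, a short comment such as `// key is still needed below, so copy the id` would stop the next reader from removing the clone. The loop body continues outside the hunk, so I cannot tell which case applies here.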
+++ b/tools/tests/delete_key_certificate.sh @@ -14,12 +14,12 @@ curl -k -u admin:Administrator -v -X DELETE \ curl -k -i -w '\n' -u admin:Administrator -X PUT \ "https://localhost:8443/api/v1/keys/${KEYID}?mechanisms=RSA_Decryption_RAW,RSA_Decryption_PKCS1,RSA_Decryption_OAEP_MD5,RSA_Decryption_OAEP_SHA1,RSA_Decryption_OAEP_SHA224,RSA_Decryption_OAEP_SHA256,RSA_Decryption_OAEP_SHA384,RSA_Decryption_OAEP_SHA512,RSA_Signature_PKCS1,RSA_Signature_PSS_MD5,RSA_Signature_PSS_SHA1,RSA_Signature_PSS_SHA224,RSA_Signature_PSS_SHA256,RSA_Signature_PSS_SHA384,RSA_Signature_PSS_SHA512" \ - -H 'Content-Type: application/x-pem-file' \ + -H 'Content-Type: application/octet-stream' \ --data-binary '@_privatekey.pem' curl -k -i -w '\n' -u admin:Administrator -X PUT \ https://localhost:8443/api/v1/keys/${KEYID}/cert \ - -H 'Content-Type: application/x-pem-file' \ + -H 'Content-Type: application/octet-stream' \ --data-binary '@_certificate.pem' # delete the key pkcs11-tool --module ./target/debug/libnethsm_pkcs11.so -v \ @@ -28,7 +28,7 @@ pkcs11-tool --module ./target/debug/libnethsm_pkcs11.so -v \ ## check that the key is gone RESPONSE=$(curl -s -k -u operator:opPassphrase -v -X GET \ https://localhost:8443/api/v1/keys/$KEYID/cert \ - -H 'Accept: application/x-pem-file' -o /dev/null -w "%{http_code}") + -H 'Accept: application/octet-stream' -o /dev/null -w "%{http_code}") if [ $RESPONSE -eq 406 ]; then echo "Got 406 error, cert was deleted"
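Review bot: The two `curl ... -X PUT` uploads whose `Content-Type` this hunk switches to `application/octet-stream` run without `--fail-with-body`, unlike the uploads in `tools/create_web_key.sh` and `tools/tests/decrypt_aes.sh` in this same diff, so a server that rejects the new content type (an older firmware, or a mismatch with the SDK change in `key.rs`) would not stop the script. The later `-eq 406` check on the certificate fetch would then pass for the wrong reason, because a certificate that was never uploaded is also absent. Add the flag to both PUT lines: `curl -k -i --fail-with-body -w '\n' -u admin:Administrator -X PUT \`; this only aborts the script if it runs under `set -e`, which is outside the hunk.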