apple-codesign: upgrade rsa and yubikey to latest versions

This required a myriad of code changes to get to compile. I also
had to copy some low level RSA code into cryptography.rs. There
may be a way to get things working against the latest RSA crate.
I can look into that as a follow-up.

app-store-connect/Cargo.toml

@@ -21,7 +21,7 @@ log = "0.4.20"
 pem = "3.0.2"
 rand = "0.8.5"
 reqwest = { version = "0.11.22", default-features = false, features = ["blocking", "json", "rustls-tls"] }
-rsa = "0.8.2"
+rsa = "0.9.3"
 serde = { version = "1.0.190", features = ["derive"] }
 serde_json = "1.0.108"
 thiserror = "1.0.50"

apple-codesign/CHANGELOG.md

@@ -29,12 +29,13 @@ Released on ReleaseDate.
 * pkcs8 0.9 -> 0.10.
 * rasn 0.6 -> 0.11.
 * ring 0.16 -> 0.17.
-* rsa 0.7 -> 0.8.
+* rsa 0.7 -> 0.9.
 * signature 1.6 -> 2.0.
 * spake2 0.3 -> 0.4.
 * spki 0.6 -> 0.7.
 * tungstenite 0.18 -> 0.20.
 * x509-certificate 0.16 -> 0.22.
+* yubikey 0.7 -> 0.8.
 
 ## 0.22.0
 

apple-codesign/Cargo.toml

@@ -28,7 +28,7 @@ bytes = "1.5.0"
 clap = { version = "4.4.7", features = ["derive"] }
 chrono = "0.4.31"
 cryptographic-message-syntax = "0.25.0"
-der = "0.7.8"
+der = {  version = "0.7.8", features = ["alloc"] }
 dialoguer = "0.11.0"
 difference = "2.0.0"
 digest = "0.10.7"
@@ -56,7 +56,7 @@ rayon = "1.8.0"
 regex = "1.10.2"
 reqwest = { version = "0.11.22", default-features = false, features = ["blocking", "json", "rustls-tls"] }
 ring = "0.17.5"
-rsa = "0.8.2"
+rsa = "0.9.3"
 scroll = "0.11.0"
 sha2 = "0.10.8"
 semver = "1.0.20"
@@ -77,7 +77,7 @@ x509 = "0.2.0"
 x509-certificate = "0.22.0"
 xml-rs = "0.8.19"
 yasna = "0.5.2"
-yubikey = { version = "0.7.0", optional = true, features = ["untested"] }
+yubikey = { version = "0.8.0", optional = true, features = ["untested"] }
 zeroize = { version = "1.6.0", features = ["zeroize_derive"] }
 zip = { version = "0.6.6", default-features = false, features = ["deflate"] }
 zip_structs = "0.2.1"

apple-codesign/src/cryptography.rs

@@ -11,6 +11,7 @@ use {
     },
     bytes::Bytes,
     der::{asn1, Decode, Document, Encode, SecretDocument},
+    digest::DynDigest,
     elliptic_curve::{
         sec1::{FromEncodedPoint, ModulusSize, ToEncodedPoint},
         AffinePoint, Curve, CurveArithmetic, FieldBytesSize, SecretKey as ECSecretKey,
@@ -22,10 +23,7 @@ use {
     pkcs1::RsaPrivateKey,
     pkcs8::{EncodePrivateKey, ObjectIdentifier, PrivateKeyInfo},
     ring::signature::{EcdsaKeyPair, Ed25519KeyPair, KeyPair, RsaKeyPair},
-    rsa::{
-        algorithms::mgf1_xor, pkcs1::DecodeRsaPrivateKey, BigUint, Oaep,
-        RsaPrivateKey as RsaConstructedKey,
-    },
+    rsa::{pkcs1::DecodeRsaPrivateKey, BigUint, Oaep, RsaPrivateKey as RsaConstructedKey},
     signature::Signer,
     spki::AlgorithmIdentifier,
     subtle::{Choice, ConditionallySelectable, ConstantTimeEq, CtOption},
@@ -663,6 +661,44 @@ pub(crate) fn rsa_oaep_post_decrypt_decode(
     Ok(out[index as usize..].to_vec())
 }
 
+fn inc_counter(counter: &mut [u8; 4]) {
+    for i in (0..4).rev() {
+        counter[i] = counter[i].wrapping_add(1);
+        if counter[i] != 0 {
+            // No overflow
+            return;
+        }
+    }
+}
+
+fn mgf1_xor(out: &mut [u8], digest: &mut dyn DynDigest, seed: &[u8]) {
+    let mut counter = [0u8; 4];
+    let mut i = 0;
+
+    const MAX_LEN: u64 = core::u32::MAX as u64 + 1;
+    assert!(out.len() as u64 <= MAX_LEN);
+
+    while i < out.len() {
+        let mut digest_input = vec![0u8; seed.len() + 4];
+        digest_input[0..seed.len()].copy_from_slice(seed);
+        digest_input[seed.len()..].copy_from_slice(&counter);
+
+        digest.update(digest_input.as_slice());
+        let digest_output = &*digest.finalize_reset();
+        let mut j = 0;
+        loop {
+            if j >= digest_output.len() || i >= out.len() {
+                break;
+            }
+
+            out[i] ^= digest_output[j];
+            j += 1;
+            i += 1;
+        }
+        inc_counter(&mut counter);
+    }
+}
+
 #[cfg(test)]
 mod test {
     use {super::*, ring::signature::KeyPair, x509_certificate::Sign};

apple-codesign/src/error.rs

@@ -82,6 +82,9 @@ pub enum AppleCodesignError {
     #[error("bad string value in certificate: {0:?}")]
     CertificateCharset(bcder::string::CharSetError),
 
+    #[error("DER: {0}")]
+    Der(#[from] der::Error),
+
     #[error("error parsing version string: {0}")]
     VersionParse(#[from] semver::Error),
 

apple-codesign/src/remote_signing/session_negotiation.rs

@@ -23,7 +23,7 @@ use {
         hkdf::{Salt, HKDF_SHA256},
         rand::{SecureRandom, SystemRandom},
     },
-    rsa::{BigUint, Oaep, PublicKey, RsaPublicKey},
+    rsa::{BigUint, Oaep, RsaPublicKey},
     scroll::{Pwrite, LE},
     spake2::{Ed25519Group, Identity, Password, Spake2},
     spki::SubjectPublicKeyInfoRef,

apple-codesign/src/yubikey.rs

@@ -12,13 +12,13 @@ use {
     },
     bcder::encode::Values,
     bytes::Bytes,
+    der::Encode,
     log::{error, warn},
     signature::Signer,
     std::{
         ops::DerefMut,
         sync::{Arc, Mutex, MutexGuard},
     },
-    x509::SubjectPublicKeyInfo,
     x509_certificate::{
         asn1time, rfc3280, rfc5280, CapturedX509Certificate, EcdsaCurve, KeyAlgorithm,
         KeyInfoSigner, Sign, Signature, SignatureAlgorithm, X509CertificateError,
@@ -209,7 +209,7 @@ impl YubiKey {
         for slot in slots {
             let cert = YkCertificate::read(yk, slot)?;
 
-            let cert = CapturedX509Certificate::from_der(cert.into_buffer().to_vec())?;
+            let cert = CapturedX509Certificate::from_der(cert.cert.to_der()?)?;
 
             res.push((slot, cert));
         }
@@ -273,7 +273,7 @@ impl YubiKey {
         attempt_authenticated_operation(
             yk.deref_mut(),
             |yk| {
-                let rsa_key = ::yubikey::piv::RsaKeyData::new(p, q);
+                let rsa_key = ::yubikey::piv::RsaKeyData::new(p, q)?;
 
                 import_rsa_key(yk, slot, algorithm, rsa_key, touch_policy, pin_policy)?;
 
@@ -453,7 +453,10 @@ impl YubiKey {
             subject,
             subject_public_key_info: rfc5280::SubjectPublicKeyInfo {
                 algorithm: key_algorithm.into(),
-                subject_public_key: bcder::BitString::new(0, key_info.public_key().into()),
+                subject_public_key: bcder::BitString::new(
+                    0,
+                    key_info.subject_public_key.raw_bytes().to_vec().into(),
+                ),
             },
             issuer_unique_id: None,
             subject_unique_id: None,