fdo-rs / fido-device-onboard-rs

An implementation of the FIDO Device Onboard (FDO) spec written in Rust.
BSD 3-Clause "New" or "Revised" License

Deserialize plain DI certs as raw DER #553

Open puiterwijk opened 1 year ago

puiterwijk commented 1 year ago

Because of the deserialize implementation that's automatically generated, at this moment the expected value for the public_key_store in the manufacturing server is a CBOR array of the DER certificate. This commit adds a new type PlainBytes which (de)serializes transparently, and makes the manufacturing server use it for the public key store.

NOTE: this means that with this patch, the store format on disk changes. This store is read-only (the server will never write to it), but if anyone has put a CBOR file in place, that will now fail to open. Raw DER was always the intended (and documented) format, but it still is a risk.

Fixes: #477
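The format change described above is the kind of thing an operator wants to check before upgrading a manufacturing server. The following is an added example, not code from fido-device-onboard-rs: it assumes the pre-patch layout was a definite-length CBOR array of unsigned integers (the layout a derived serde serializer produces for a `Vec<u8>`), classifies a `public_key_store` file as raw DER or legacy CBOR array by its first byte, and converts the legacy layout back to raw DER. `SAMPLE_DER` is a constructed stand-in (a five-byte DER SEQUENCE), not a real certificate; the names `classify`, `legacy_cbor_array`, `legacy_to_der` and `normalize_store` are mine.

```rust
/// Constructed stand-in for a DER certificate: SEQUENCE { INTEGER 1 }.
/// A real X.509 certificate also starts with the SEQUENCE tag 0x30.
const SAMPLE_DER: &[u8] = &[0x30, 0x03, 0x02, 0x01, 0x01];

#[derive(Debug, PartialEq)]
enum StoreFormat {
    RawDer,          // what the manufacturing server expects after this patch
    LegacyCborArray, // CBOR array-of-integers layout produced by the derived serializer (assumed)
    Unknown,
}

/// Encode a CBOR head (major type + unsigned argument), RFC 8949 style.
fn cbor_head(major: u8, n: u64) -> Vec<u8> {
    let mt = major << 5;
    if n < 24 {
        vec![mt | n as u8]
    } else if n <= 0xff {
        vec![mt | 24, n as u8]
    } else if n <= 0xffff {
        let mut v = vec![mt | 25];
        v.extend_from_slice(&(n as u16).to_be_bytes());
        v
    } else if n <= 0xffff_ffff {
        let mut v = vec![mt | 26];
        v.extend_from_slice(&(n as u32).to_be_bytes());
        v
    } else {
        let mut v = vec![mt | 27];
        v.extend_from_slice(&n.to_be_bytes());
        v
    }
}

/// Decode a CBOR head: returns (major type, argument, bytes consumed).
/// Indefinite-length and reserved additional-info values are rejected.
fn cbor_head_decode(b: &[u8]) -> Option<(u8, u64, usize)> {
    let ib = *b.first()?;
    let (major, ai) = (ib >> 5, ib & 0x1f);
    match ai {
        0..=23 => Some((major, ai as u64, 1)),
        24 => Some((major, *b.get(1)? as u64, 2)),
        25 => {
            let s = b.get(1..3)?;
            Some((major, u16::from_be_bytes([s[0], s[1]]) as u64, 3))
        }
        26 => {
            let s = b.get(1..5)?;
            Some((major, u32::from_be_bytes([s[0], s[1], s[2], s[3]]) as u64, 5))
        }
        27 => {
            let s = b.get(1..9)?;
            let mut a = [0u8; 8];
            a.copy_from_slice(s);
            Some((major, u64::from_be_bytes(a), 9))
        }
        _ => None,
    }
}

/// The assumed pre-patch layout: CBOR array (major type 4) of one unsigned int per DER byte.
fn legacy_cbor_array(der: &[u8]) -> Vec<u8> {
    let mut out = cbor_head(4, der.len() as u64);
    for &b in der {
        out.extend(cbor_head(0, b as u64));
    }
    out
}

/// Decide which layout a store file is in by looking at its first byte.
fn classify(bytes: &[u8]) -> StoreFormat {
    match bytes.first() {
        Some(0x30) => StoreFormat::RawDer,                     // DER SEQUENCE tag
        Some(b) if b >> 5 == 4 => StoreFormat::LegacyCborArray, // CBOR major type 4
        _ => StoreFormat::Unknown,
    }
}

/// Convert the legacy CBOR array layout back to raw DER; None on any malformation.
fn legacy_to_der(bytes: &[u8]) -> Option<Vec<u8>> {
    let (major, len, used) = cbor_head_decode(bytes)?;
    if major != 4 {
        return None;
    }
    let mut pos = used;
    let mut out = Vec::with_capacity(len as usize);
    for _ in 0..len {
        let (m, v, u) = cbor_head_decode(&bytes[pos..])?;
        if m != 0 || v > 0xff {
            return None; // every element must be an unsigned int that fits a byte
        }
        out.push(v as u8);
        pos += u;
    }
    if pos != bytes.len() {
        return None; // trailing bytes after the array are not expected
    }
    Some(out)
}

/// Accept either layout and return raw DER, so a migration step can rewrite old stores.
fn normalize_store(bytes: &[u8]) -> Option<Vec<u8>> {
    match classify(bytes) {
        StoreFormat::RawDer => Some(bytes.to_vec()),
        StoreFormat::LegacyCborArray => legacy_to_der(bytes),
        StoreFormat::Unknown => None,
    }
}

fn main() {
    let legacy = legacy_cbor_array(SAMPLE_DER);
    println!("raw DER     -> {:?}", classify(SAMPLE_DER));
    println!("legacy CBOR -> {:?}", classify(&legacy));
    println!("normalized  -> {:?}", normalize_store(&legacy));
}
```

Checking the first byte is enough here because a DER certificate always begins with the SEQUENCE tag 0x30, which in CBOR would be a negative integer (major type 1), never an array; the full decoder is only needed when an old store has to be rewritten rather than just recognised.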

7flying commented 1 year ago

Tested, works as expected. @puiterwijk you've got a commit lint warning, can you rename your commit to something like "fix: deserialize plain DI certs as raw DER"? Thanks!