diff options
author | Sam Saccone <samccone@google.com> | 2023-12-19 01:22:27 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2023-12-19 01:22:27 +0000 |
commit | dcbba4d46d8edcc4c79df047e0966823c361bed2 (patch) | |
tree | 820fbb9ea9a539f139b6f6d44bdaa9a58e9a1999 | |
parent | ae99e804d804749a4c54b712916544086db0d59d (diff) | |
download | pkcs8-dcbba4d46d8edcc4c79df047e0966823c361bed2.tar.gz |
Revert "Upgrade pkcs8 to 0.10.2"
Revert submission 2877402-der_derive-0.7.2
Reason for revert: b/316953077
Reverted changes: /q/submissionid:2877402-der_derive-0.7.2
Change-Id: Ib71e95477759bcb6731b514beb8c6ed7e1dc219f
-rw-r--r-- | .cargo_vcs_info.json | 2 | ||||
-rw-r--r-- | Android.bp | 4 | ||||
-rw-r--r-- | CHANGELOG.md | 24 | ||||
-rw-r--r-- | Cargo.toml | 15 | ||||
-rw-r--r-- | Cargo.toml.orig | 15 | ||||
-rw-r--r-- | LICENSE-MIT | 25 | ||||
-rw-r--r-- | METADATA | 26 | ||||
-rw-r--r-- | README.md | 4 | ||||
-rw-r--r-- | src/encrypted_private_key_info.rs | 33 | ||||
-rw-r--r-- | src/error.rs | 2 | ||||
-rw-r--r-- | src/lib.rs | 23 | ||||
-rw-r--r-- | src/private_key_info.rs | 74 | ||||
-rw-r--r-- | src/traits.rs | 27 | ||||
-rw-r--r-- | src/version.rs | 4 | ||||
-rw-r--r-- | tests/encrypted_private_key.rs | 4 | ||||
-rw-r--r-- | tests/private_key.rs | 15 | ||||
-rw-r--r-- | tests/traits.rs | 8 |
17 files changed, 127 insertions, 178 deletions
diff --git a/.cargo_vcs_info.json b/.cargo_vcs_info.json index d445424..68186e0 100644 --- a/.cargo_vcs_info.json +++ b/.cargo_vcs_info.json @@ -1,6 +1,6 @@ { "git": { - "sha1": "7736dd21389b8820dfeb396e8c4c932de93d3ddf" + "sha1": "974c2c7c88bc8d0541895a6e200c3ea9f91a33af" }, "path_in_vcs": "pkcs8" }
\ No newline at end of file @@ -35,7 +35,7 @@ rust_library_host { name: "libpkcs8", crate_name: "pkcs8", cargo_env_compat: true, - cargo_pkg_version: "0.10.2", + cargo_pkg_version: "0.9.0", srcs: ["src/lib.rs"], edition: "2021", features: ["alloc"], @@ -49,7 +49,7 @@ rust_library_rlib { name: "libpkcs8_nostd", crate_name: "pkcs8", cargo_env_compat: true, - cargo_pkg_version: "0.10.2", + cargo_pkg_version: "0.9.0", srcs: ["src/lib.rs"], edition: "2021", features: ["alloc"], diff --git a/CHANGELOG.md b/CHANGELOG.md index 1f754d5..15889d9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,30 +4,6 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). -## 0.10.2 (2023-04-04) -### Changed -- Bump `spki` to v0.7.1 ([#981]) - -[#981]: https://github.com/RustCrypto/formats/pull/981 - -## 0.10.1 (2023-03-05) -### Added -- `sha1-insecure` feature ([#913]) - -[#913]: https://github.com/RustCrypto/formats/pull/913 - -## 0.10.0 (2023-02-26) [YANKED] -### Changed -- Use blanket impls for `Decode*` traits ([#785]) -- Bump `der` dependency to v0.7 ([#899]) -- Bump `spki` dependency to v0.7 ([#900]) -- Bump `pkcs5` dependency to v0.7 ([#901]) - -[#785]: https://github.com/RustCrypto/formats/pull/785 -[#899]: https://github.com/RustCrypto/formats/pull/899 -[#900]: https://github.com/RustCrypto/formats/pull/900 -[#901]: https://github.com/RustCrypto/formats/pull/901 - ## 0.9.0 (2022-05-08) ### Added - Error conversion support to `pkcs8::spki::Error` ([#335]) @@ -11,9 +11,9 @@ [package] edition = "2021" -rust-version = "1.65" +rust-version = "1.57" name = "pkcs8" -version = "0.10.2" +version = "0.9.0" authors = ["RustCrypto Developers"] description = """ Pure Rust implementation of Public-Key Cryptography Standards (PKCS) #8: @@ -36,6 +36,7 @@ categories = [ ] license = "Apache-2.0 OR MIT" repository = "https://github.com/RustCrypto/formats/tree/master/pkcs8" +resolver = "2" [package.metadata.docs.rs] all-features = true @@ -45,11 +46,11 @@ rustdoc-args = [ ] [dependencies.der] -version = "0.7" +version = "0.6" features = ["oid"] [dependencies.pkcs5] -version = "0.7" +version = "0.5" optional = true [dependencies.rand_core] @@ -58,7 +59,7 @@ optional = true default-features = false [dependencies.spki] -version = "0.7.1" +version = "0.6" [dependencies.subtle] version = "2" @@ -97,9 +98,9 @@ pem = [ "der/pem", "spki/pem", ] -sha1-insecure = [ +sha1 = [ "encryption", - "pkcs5/sha1-insecure", + "pkcs5/sha1", ] std = [ "alloc", diff --git a/Cargo.toml.orig b/Cargo.toml.orig index 9ffae2b..c5e821a 100644 --- a/Cargo.toml.orig +++ b/Cargo.toml.orig @@ -1,6 +1,6 @@ [package] name = "pkcs8" -version = "0.10.2" +version = "0.9.0" # Also update html_root_url in lib.rs when bumping this description = """ Pure Rust implementation of Public-Key Cryptography Standards (PKCS) #8: Private-Key Information Syntax Specification (RFC 5208), with additional @@ -13,15 +13,15 @@ categories = ["cryptography", "data-structures", "encoding", "no-std", "parser-i keywords = ["crypto", "key", "pkcs", "private"] readme = "README.md" edition = "2021" -rust-version = "1.65" +rust-version = "1.57" [dependencies] -der = { version = "0.7", features = ["oid"], path = "../der" } -spki = { version = "0.7.1", path = "../spki" } +der = { version = "0.6", features = ["oid"], path = "../der" } +spki = { version = "0.6", path = "../spki" } # optional dependencies rand_core = { version = "0.6", optional = true, default-features = false } -pkcs5 = { version = "0.7", optional = true, path = "../pkcs5" } +pkcs5 = { version = "0.5", optional = true, path = "../pkcs5" } subtle = { version = "2", optional = true, default-features = false } [dev-dependencies] @@ -30,14 +30,13 @@ tempfile = "3" [features] alloc = ["der/alloc", "der/zeroize", "spki/alloc"] -std = ["alloc", "der/std", "spki/std"] - 3des = ["encryption", "pkcs5/3des"] des-insecure = ["encryption", "pkcs5/des-insecure"] encryption = ["alloc", "pkcs5/alloc", "pkcs5/pbes2", "rand_core"] getrandom = ["rand_core/getrandom"] pem = ["alloc", "der/pem", "spki/pem"] -sha1-insecure = ["encryption", "pkcs5/sha1-insecure"] +sha1 = ["encryption", "pkcs5/sha1"] +std = ["alloc", "der/std", "spki/std"] [package.metadata.docs.rs] all-features = true diff --git a/LICENSE-MIT b/LICENSE-MIT deleted file mode 100644 index e0d0827..0000000 --- a/LICENSE-MIT +++ /dev/null @@ -1,25 +0,0 @@ -Copyright (c) 2020-2023 The RustCrypto Project Developers - -Permission is hereby granted, free of charge, to any -person obtaining a copy of this software and associated -documentation files (the "Software"), to deal in the -Software without restriction, including without -limitation the rights to use, copy, modify, merge, -publish, distribute, sublicense, and/or sell copies of -the Software, and to permit persons to whom the Software -is furnished to do so, subject to the following -conditions: - -The above copyright notice and this permission notice -shall be included in all copies or substantial portions -of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF -ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED -TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A -PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT -SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY -CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION -OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR -IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER -DEALINGS IN THE SOFTWARE. @@ -1,20 +1,20 @@ -# This project was upgraded with external_updater. -# Usage: tools/external_updater/updater.sh update rust/crates/pkcs8 -# For more info, check https://cs.android.com/android/platform/superproject/+/main:tools/external_updater/README.md - name: "pkcs8" description: "Pure Rust implementation of Public-Key Cryptography Standards (PKCS) #8: Private-Key Information Syntax Specification (RFC 5208)." third_party { + url { + type: HOMEPAGE + value: "https://crates.io/crates/pkcs8" + } + url { + type: ARCHIVE + value: "https://static.crates.io/crates/pkcs8/pkcs8-0.9.0.crate" + } + version: "0.9.0" + # Dual-licensed, using the least restrictive per go/thirdpartylicenses#same. license_type: NOTICE last_upgrade_date { - year: 2023 - month: 12 - day: 15 - } - homepage: "https://crates.io/crates/pkcs8" - identifier { - type: "Archive" - value: "https://static.crates.io/crates/pkcs8/pkcs8-0.10.2.crate" - version: "0.10.2" + year: 2022 + month: 9 + day: 6 } } @@ -54,7 +54,7 @@ algorithm, including the ones listed above or other algorithms. ## Minimum Supported Rust Version -This crate requires **Rust 1.65** at a minimum. +This crate requires **Rust 1.57** at a minimum. We may change the MSRV in the future, but it will be accompanied by a minor version bump. @@ -81,7 +81,7 @@ dual licensed as above, without any additional terms or conditions. [docs-image]: https://docs.rs/pkcs8/badge.svg [docs-link]: https://docs.rs/pkcs8/ [license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg -[rustc-image]: https://img.shields.io/badge/rustc-1.65+-blue.svg +[rustc-image]: https://img.shields.io/badge/rustc-1.57+-blue.svg [chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg [chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/300570-formats [build-image]: https://github.com/RustCrypto/formats/workflows/pkcs8/badge.svg?branch=master&event=push diff --git a/src/encrypted_private_key_info.rs b/src/encrypted_private_key_info.rs index d55949c..460e3f6 100644 --- a/src/encrypted_private_key_info.rs +++ b/src/encrypted_private_key_info.rs @@ -2,10 +2,7 @@ use crate::{Error, Result}; use core::fmt; -use der::{ - asn1::OctetStringRef, Decode, DecodeValue, Encode, EncodeValue, Header, Length, Reader, - Sequence, Writer, -}; +use der::{asn1::OctetStringRef, Decode, DecodeValue, Encode, Header, Reader, Sequence}; use pkcs5::EncryptionScheme; #[cfg(feature = "alloc")] @@ -39,6 +36,7 @@ use der::pem::PemLabel; /// ``` /// /// [RFC 5208 Section 6]: https://tools.ietf.org/html/rfc5208#section-6 +#[cfg_attr(docsrs, doc(cfg(feature = "pkcs5")))] #[derive(Clone, Eq, PartialEq)] pub struct EncryptedPrivateKeyInfo<'a> { /// Algorithm identifier describing a password-based symmetric encryption @@ -53,6 +51,7 @@ impl<'a> EncryptedPrivateKeyInfo<'a> { /// Attempt to decrypt this encrypted private key using the provided /// password to derive an encryption key. #[cfg(feature = "encryption")] + #[cfg_attr(docsrs, doc(cfg(feature = "encryption")))] pub fn decrypt(&self, password: impl AsRef<[u8]>) -> Result<SecretDocument> { Ok(self .encryption_algorithm @@ -63,6 +62,7 @@ impl<'a> EncryptedPrivateKeyInfo<'a> { /// Encrypt the given ASN.1 DER document using a symmetric encryption key /// derived from the provided password. #[cfg(feature = "encryption")] + #[cfg_attr(docsrs, doc(cfg(feature = "encryption")))] pub(crate) fn encrypt( mut rng: impl CryptoRng + RngCore, password: impl AsRef<[u8]>, @@ -81,6 +81,7 @@ impl<'a> EncryptedPrivateKeyInfo<'a> { /// Encrypt this private key using a symmetric encryption key derived /// from the provided password and [`pbes2::Parameters`]. #[cfg(feature = "encryption")] + #[cfg_attr(docsrs, doc(cfg(feature = "encryption")))] pub(crate) fn encrypt_with( pbes2_params: pbes2::Parameters<'a>, password: impl AsRef<[u8]>, @@ -110,21 +111,18 @@ impl<'a> DecodeValue<'a> for EncryptedPrivateKeyInfo<'a> { } } -impl EncodeValue for EncryptedPrivateKeyInfo<'_> { - fn value_len(&self) -> der::Result<Length> { - self.encryption_algorithm.encoded_len()? - + OctetStringRef::new(self.encrypted_data)?.encoded_len()? - } - - fn encode_value(&self, writer: &mut impl Writer) -> der::Result<()> { - self.encryption_algorithm.encode(writer)?; - OctetStringRef::new(self.encrypted_data)?.encode(writer)?; - Ok(()) +impl<'a> Sequence<'a> for EncryptedPrivateKeyInfo<'a> { + fn fields<F, T>(&self, f: F) -> der::Result<T> + where + F: FnOnce(&[&dyn Encode]) -> der::Result<T>, + { + f(&[ + &self.encryption_algorithm, + &OctetStringRef::new(self.encrypted_data)?, + ]) } } -impl<'a> Sequence<'a> for EncryptedPrivateKeyInfo<'a> {} - impl<'a> TryFrom<&'a [u8]> for EncryptedPrivateKeyInfo<'a> { type Error = Error; @@ -142,6 +140,7 @@ impl<'a> fmt::Debug for EncryptedPrivateKeyInfo<'a> { } #[cfg(feature = "alloc")] +#[cfg_attr(docsrs, doc(cfg(all(feature = "alloc", feature = "pkcs5"))))] impl TryFrom<EncryptedPrivateKeyInfo<'_>> for SecretDocument { type Error = Error; @@ -151,6 +150,7 @@ impl TryFrom<EncryptedPrivateKeyInfo<'_>> for SecretDocument { } #[cfg(feature = "alloc")] +#[cfg_attr(docsrs, doc(cfg(all(feature = "alloc", feature = "pkcs5"))))] impl TryFrom<&EncryptedPrivateKeyInfo<'_>> for SecretDocument { type Error = Error; @@ -160,6 +160,7 @@ impl TryFrom<&EncryptedPrivateKeyInfo<'_>> for SecretDocument { } #[cfg(feature = "pem")] +#[cfg_attr(docsrs, doc(cfg(feature = "pem")))] impl PemLabel for EncryptedPrivateKeyInfo<'_> { const PEM_LABEL: &'static str = "ENCRYPTED PRIVATE KEY"; } diff --git a/src/error.rs b/src/error.rs index 70c60ae..bc4c2ea 100644 --- a/src/error.rs +++ b/src/error.rs @@ -26,7 +26,7 @@ pub enum Error { /// or [`SubjectPublicKeyInfo::subject_public_key`][`crate::SubjectPublicKeyInfo::subject_public_key`]. KeyMalformed, - /// [`AlgorithmIdentifier::parameters`][`crate::AlgorithmIdentifierRef::parameters`] + /// [`AlgorithmIdentifier::parameters`][`crate::AlgorithmIdentifier::parameters`] /// is malformed or otherwise encoded in an unexpected manner. ParametersMalformed, @@ -1,19 +1,13 @@ #![no_std] -#![cfg_attr(docsrs, feature(doc_auto_cfg))] +#![cfg_attr(docsrs, feature(doc_cfg))] #![doc = include_str!("../README.md")] #![doc( - html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg", - html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg" -)] -#![forbid(unsafe_code)] -#![warn( - clippy::mod_module_files, - clippy::unwrap_used, - missing_docs, - rust_2018_idioms, - unused_lifetimes, - unused_qualifications + html_logo_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg", + html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg", + html_root_url = "https://docs.rs/pkcs8/0.9.0-pre" )] +#![forbid(unsafe_code, clippy::unwrap_used)] +#![warn(missing_docs, rust_2018_idioms, unused_qualifications)] //! ## About this crate //! This library provides generalized PKCS#8 support designed to work with a @@ -94,9 +88,7 @@ pub use crate::{ version::Version, }; pub use der::{self, asn1::ObjectIdentifier, oid::AssociatedOid}; -pub use spki::{ - self, AlgorithmIdentifierRef, DecodePublicKey, SubjectPublicKeyInfo, SubjectPublicKeyInfoRef, -}; +pub use spki::{self, AlgorithmIdentifier, DecodePublicKey, SubjectPublicKeyInfo}; #[cfg(feature = "alloc")] pub use { @@ -106,6 +98,7 @@ pub use { }; #[cfg(feature = "pem")] +#[cfg_attr(docsrs, doc(cfg(feature = "pem")))] pub use der::pem::LineEnding; #[cfg(feature = "pkcs5")] diff --git a/src/private_key_info.rs b/src/private_key_info.rs index ecae624..52f0878 100644 --- a/src/private_key_info.rs +++ b/src/private_key_info.rs @@ -1,11 +1,10 @@ //! PKCS#8 `PrivateKeyInfo`. -use crate::{AlgorithmIdentifierRef, Error, Result, Version}; +use crate::{AlgorithmIdentifier, Error, Result, Version}; use core::fmt; use der::{ asn1::{AnyRef, BitStringRef, ContextSpecific, OctetStringRef}, - Decode, DecodeValue, Encode, EncodeValue, Header, Length, Reader, Sequence, TagMode, TagNumber, - Writer, + Decode, DecodeValue, Encode, Header, Reader, Sequence, TagMode, TagNumber, }; #[cfg(feature = "alloc")] @@ -30,7 +29,7 @@ const PUBLIC_KEY_TAG: TagNumber = TagNumber::N1; /// PKCS#8 `PrivateKeyInfo`. /// -/// ASN.1 structure containing an `AlgorithmIdentifier`, private key +/// ASN.1 structure containing an [`AlgorithmIdentifier`], private key /// data in an algorithm specific format, and optional attributes /// (ignored by this implementation). /// @@ -91,8 +90,8 @@ const PUBLIC_KEY_TAG: TagNumber = TagNumber::N1; /// [RFC 5958 Section 2]: https://datatracker.ietf.org/doc/html/rfc5958#section-2 #[derive(Clone)] pub struct PrivateKeyInfo<'a> { - /// X.509 `AlgorithmIdentifier` for the private key type. - pub algorithm: AlgorithmIdentifierRef<'a>, + /// X.509 [`AlgorithmIdentifier`] for the private key type. + pub algorithm: AlgorithmIdentifier<'a>, /// Private key data. pub private_key: &'a [u8], @@ -106,7 +105,7 @@ impl<'a> PrivateKeyInfo<'a> { /// /// This is a helper method which initializes `attributes` and `public_key` /// to `None`, helpful if you aren't using those. - pub fn new(algorithm: AlgorithmIdentifierRef<'a>, private_key: &'a [u8]) -> Self { + pub fn new(algorithm: AlgorithmIdentifier<'a>, private_key: &'a [u8]) -> Self { Self { algorithm, private_key, @@ -135,39 +134,28 @@ impl<'a> PrivateKeyInfo<'a> { /// - p: 1 /// - Cipher: AES-256-CBC (best available option for PKCS#5 encryption) #[cfg(feature = "encryption")] + #[cfg_attr(docsrs, doc(cfg(feature = "encryption")))] pub fn encrypt( &self, rng: impl CryptoRng + RngCore, password: impl AsRef<[u8]>, ) -> Result<SecretDocument> { - let der = Zeroizing::new(self.to_der()?); + let der = Zeroizing::new(self.to_vec()?); EncryptedPrivateKeyInfo::encrypt(rng, password, der.as_ref()) } /// Encrypt this private key using a symmetric encryption key derived /// from the provided password and [`pbes2::Parameters`]. #[cfg(feature = "encryption")] + #[cfg_attr(docsrs, doc(cfg(feature = "encryption")))] pub fn encrypt_with_params( &self, pbes2_params: pbes2::Parameters<'_>, password: impl AsRef<[u8]>, ) -> Result<SecretDocument> { - let der = Zeroizing::new(self.to_der()?); + let der = Zeroizing::new(self.to_vec()?); EncryptedPrivateKeyInfo::encrypt_with(pbes2_params, password, der.as_ref()) } - - /// Get a `BIT STRING` representation of the public key, if present. - fn public_key_bit_string(&self) -> der::Result<Option<ContextSpecific<BitStringRef<'a>>>> { - self.public_key - .map(|pk| { - BitStringRef::from_bytes(pk).map(|value| ContextSpecific { - tag_number: PUBLIC_KEY_TAG, - tag_mode: TagMode::Implicit, - value, - }) - }) - .transpose() - } } impl<'a> DecodeValue<'a> for PrivateKeyInfo<'a> { @@ -213,25 +201,29 @@ impl<'a> DecodeValue<'a> for PrivateKeyInfo<'a> { } } -impl EncodeValue for PrivateKeyInfo<'_> { - fn value_len(&self) -> der::Result<Length> { - self.version().encoded_len()? - + self.algorithm.encoded_len()? - + OctetStringRef::new(self.private_key)?.encoded_len()? - + self.public_key_bit_string()?.encoded_len()? - } - - fn encode_value(&self, writer: &mut impl Writer) -> der::Result<()> { - self.version().encode(writer)?; - self.algorithm.encode(writer)?; - OctetStringRef::new(self.private_key)?.encode(writer)?; - self.public_key_bit_string()?.encode(writer)?; - Ok(()) +impl<'a> Sequence<'a> for PrivateKeyInfo<'a> { + fn fields<F, T>(&self, f: F) -> der::Result<T> + where + F: FnOnce(&[&dyn Encode]) -> der::Result<T>, + { + f(&[ + &u8::from(self.version()), + &self.algorithm, + &OctetStringRef::new(self.private_key)?, + &self + .public_key + .map(|pk| { + BitStringRef::from_bytes(pk).map(|value| ContextSpecific { + tag_number: PUBLIC_KEY_TAG, + tag_mode: TagMode::Implicit, + value, + }) + }) + .transpose()?, + ]) } } -impl<'a> Sequence<'a> for PrivateKeyInfo<'a> {} - impl<'a> TryFrom<&'a [u8]> for PrivateKeyInfo<'a> { type Error = Error; @@ -251,6 +243,7 @@ impl<'a> fmt::Debug for PrivateKeyInfo<'a> { } #[cfg(feature = "alloc")] +#[cfg_attr(docsrs, doc(cfg(feature = "alloc")))] impl TryFrom<PrivateKeyInfo<'_>> for SecretDocument { type Error = Error; @@ -260,6 +253,7 @@ impl TryFrom<PrivateKeyInfo<'_>> for SecretDocument { } #[cfg(feature = "alloc")] +#[cfg_attr(docsrs, doc(cfg(feature = "alloc")))] impl TryFrom<&PrivateKeyInfo<'_>> for SecretDocument { type Error = Error; @@ -269,11 +263,13 @@ impl TryFrom<&PrivateKeyInfo<'_>> for SecretDocument { } #[cfg(feature = "pem")] +#[cfg_attr(docsrs, doc(cfg(feature = "pem")))] impl PemLabel for PrivateKeyInfo<'_> { const PEM_LABEL: &'static str = "PRIVATE KEY"; } #[cfg(feature = "subtle")] +#[cfg_attr(docsrs, doc(cfg(feature = "subtle")))] impl<'a> ConstantTimeEq for PrivateKeyInfo<'a> { fn ct_eq(&self, other: &Self) -> Choice { // NOTE: public fields are not compared in constant time @@ -285,9 +281,11 @@ impl<'a> ConstantTimeEq for PrivateKeyInfo<'a> { } #[cfg(feature = "subtle")] +#[cfg_attr(docsrs, doc(cfg(feature = "subtle")))] impl<'a> Eq for PrivateKeyInfo<'a> {} #[cfg(feature = "subtle")] +#[cfg_attr(docsrs, doc(cfg(feature = "subtle")))] impl<'a> PartialEq for PrivateKeyInfo<'a> { fn eq(&self, other: &Self) -> bool { self.ct_eq(other).into() diff --git a/src/traits.rs b/src/traits.rs index b4f80b2..dd86b90 100644 --- a/src/traits.rs +++ b/src/traits.rs @@ -21,14 +21,17 @@ use der::pem::PemLabel; use std::path::Path; /// Parse a private key object from a PKCS#8 encoded document. -pub trait DecodePrivateKey: Sized { +pub trait DecodePrivateKey: for<'a> TryFrom<PrivateKeyInfo<'a>, Error = Error> + Sized { /// Deserialize PKCS#8 private key from ASN.1 DER-encoded data /// (binary format). - fn from_pkcs8_der(bytes: &[u8]) -> Result<Self>; + fn from_pkcs8_der(bytes: &[u8]) -> Result<Self> { + Self::try_from(PrivateKeyInfo::try_from(bytes)?) + } /// Deserialize encrypted PKCS#8 private key from ASN.1 DER-encoded data /// (binary format) and attempt to decrypt it using the provided password. #[cfg(feature = "encryption")] + #[cfg_attr(docsrs, doc(cfg(feature = "encryption")))] fn from_pkcs8_encrypted_der(bytes: &[u8], password: impl AsRef<[u8]>) -> Result<Self> { let doc = EncryptedPrivateKeyInfo::try_from(bytes)?.decrypt(password)?; Self::from_pkcs8_der(doc.as_bytes()) @@ -42,6 +45,7 @@ pub trait DecodePrivateKey: Sized { /// -----BEGIN PRIVATE KEY----- /// ``` #[cfg(feature = "pem")] + #[cfg_attr(docsrs, doc(cfg(feature = "pem")))] fn from_pkcs8_pem(s: &str) -> Result<Self> { let (label, doc) = SecretDocument::from_pem(s)?; PrivateKeyInfo::validate_pem_label(label)?; @@ -57,6 +61,7 @@ pub trait DecodePrivateKey: Sized { /// -----BEGIN ENCRYPTED PRIVATE KEY----- /// ``` #[cfg(all(feature = "encryption", feature = "pem"))] + #[cfg_attr(docsrs, doc(cfg(all(feature = "encryption", feature = "pem"))))] fn from_pkcs8_encrypted_pem(s: &str, password: impl AsRef<[u8]>) -> Result<Self> { let (label, doc) = SecretDocument::from_pem(s)?; EncryptedPrivateKeyInfo::validate_pem_label(label)?; @@ -66,12 +71,15 @@ pub trait DecodePrivateKey: Sized { /// Load PKCS#8 private key from an ASN.1 DER-encoded file on the local /// filesystem (binary format). #[cfg(feature = "std")] + #[cfg_attr(docsrs, doc(cfg(feature = "std")))] fn read_pkcs8_der_file(path: impl AsRef<Path>) -> Result<Self> { Self::from_pkcs8_der(SecretDocument::read_der_file(path)?.as_bytes()) } /// Load PKCS#8 private key from a PEM-encoded file on the local filesystem. #[cfg(all(feature = "pem", feature = "std"))] + #[cfg_attr(docsrs, doc(cfg(feature = "pem")))] + #[cfg_attr(docsrs, doc(cfg(feature = "std")))] fn read_pkcs8_pem_file(path: impl AsRef<Path>) -> Result<Self> { let (label, doc) = SecretDocument::read_pem_file(path)?; PrivateKeyInfo::validate_pem_label(&label)?; @@ -79,17 +87,9 @@ pub trait DecodePrivateKey: Sized { } } -impl<T> DecodePrivateKey for T -where - T: for<'a> TryFrom<PrivateKeyInfo<'a>, Error = Error>, -{ - fn from_pkcs8_der(bytes: &[u8]) -> Result<Self> { - Self::try_from(PrivateKeyInfo::try_from(bytes)?) - } -} - /// Serialize a private key object to a PKCS#8 encoded document. #[cfg(feature = "alloc")] +#[cfg_attr(docsrs, doc(cfg(feature = "alloc")))] pub trait EncodePrivateKey { /// Serialize a [`SecretDocument`] containing a PKCS#8-encoded private key. fn to_pkcs8_der(&self) -> Result<SecretDocument>; @@ -97,6 +97,7 @@ pub trait EncodePrivateKey { /// Create an [`SecretDocument`] containing the ciphertext of /// a PKCS#8 encoded private key encrypted under the given `password`. #[cfg(feature = "encryption")] + #[cfg_attr(docsrs, doc(cfg(feature = "encryption")))] fn to_pkcs8_encrypted_der( &self, rng: impl CryptoRng + RngCore, @@ -107,6 +108,7 @@ pub trait EncodePrivateKey { /// Serialize this private key as PEM-encoded PKCS#8 with the given [`LineEnding`]. #[cfg(feature = "pem")] + #[cfg_attr(docsrs, doc(cfg(feature = "pem")))] fn to_pkcs8_pem(&self, line_ending: LineEnding) -> Result<Zeroizing<String>> { let doc = self.to_pkcs8_der()?; Ok(doc.to_pem(PrivateKeyInfo::PEM_LABEL, line_ending)?) @@ -115,6 +117,7 @@ pub trait EncodePrivateKey { /// Serialize this private key as an encrypted PEM-encoded PKCS#8 private /// key using the `provided` to derive an encryption key. #[cfg(all(feature = "encryption", feature = "pem"))] + #[cfg_attr(docsrs, doc(cfg(all(feature = "encryption", feature = "pem"))))] fn to_pkcs8_encrypted_pem( &self, rng: impl CryptoRng + RngCore, @@ -127,12 +130,14 @@ pub trait EncodePrivateKey { /// Write ASN.1 DER-encoded PKCS#8 private key to the given path #[cfg(feature = "std")] + #[cfg_attr(docsrs, doc(cfg(feature = "std")))] fn write_pkcs8_der_file(&self, path: impl AsRef<Path>) -> Result<()> { Ok(self.to_pkcs8_der()?.write_der_file(path)?) } /// Write ASN.1 DER-encoded PKCS#8 private key to the given path #[cfg(all(feature = "pem", feature = "std"))] + #[cfg_attr(docsrs, doc(cfg(all(feature = "pem", feature = "std"))))] fn write_pkcs8_pem_file(&self, path: impl AsRef<Path>, line_ending: LineEnding) -> Result<()> { let doc = self.to_pkcs8_der()?; Ok(doc.write_pem_file(path, PrivateKeyInfo::PEM_LABEL, line_ending)?) diff --git a/src/version.rs b/src/version.rs index 0ca80bc..3393683 100644 --- a/src/version.rs +++ b/src/version.rs @@ -6,7 +6,7 @@ use der::{Decode, Encode, FixedTag, Reader, Tag, Writer}; /// Version identifier for PKCS#8 documents. /// /// (RFC 5958 designates `0` and `1` as the only valid versions for PKCS#8 documents) -#[derive(Clone, Debug, Copy, PartialEq, Eq)] +#[derive(Clone, Debug, Copy, PartialEq)] pub enum Version { /// Denotes PKCS#8 v1: no public key field. V1 = 0, @@ -36,7 +36,7 @@ impl Encode for Version { der::Length::from(1u8).for_tlv() } - fn encode(&self, writer: &mut impl Writer) -> der::Result<()> { + fn encode(&self, writer: &mut dyn Writer) -> der::Result<()> { u8::from(*self).encode(writer) } } diff --git a/tests/encrypted_private_key.rs b/tests/encrypted_private_key.rs index dbe0a18..2bd72ae 100644 --- a/tests/encrypted_private_key.rs +++ b/tests/encrypted_private_key.rs @@ -183,7 +183,7 @@ fn encrypt_ed25519_der_encpriv_aes256_pbkdf2_sha256() { #[test] fn encrypt_ed25519_der_encpriv_aes256_scrypt() { let scrypt_params = pkcs5::pbes2::Parameters::scrypt_aes256cbc( - pkcs5::scrypt::Params::new(15, 8, 1, 32).unwrap(), + Default::default(), &hex!("E6211E2348AD69E0"), &hex!("9BD0A6251F2254F9FD5963887C27CF01"), ) @@ -203,7 +203,7 @@ fn encode_ed25519_encpriv_aes256_pbkdf2_sha256_der() { let pk = EncryptedPrivateKeyInfo::try_from(ED25519_DER_AES256_PBKDF2_SHA256_EXAMPLE).unwrap(); assert_eq!( ED25519_DER_AES256_PBKDF2_SHA256_EXAMPLE, - &pk.to_der().unwrap() + &pk.to_vec().unwrap() ); } diff --git a/tests/private_key.rs b/tests/private_key.rs index 1ef0f73..15d6694 100644 --- a/tests/private_key.rs +++ b/tests/private_key.rs @@ -1,6 +1,5 @@ //! PKCS#8 private key tests -use der::asn1::ObjectIdentifier; use hex_literal::hex; use pkcs8::{PrivateKeyInfo, Version}; @@ -49,11 +48,7 @@ fn decode_ec_p256_der() { assert_eq!(pk.algorithm.oid, "1.2.840.10045.2.1".parse().unwrap()); assert_eq!( - pk.algorithm - .parameters - .unwrap() - .decode_as::<ObjectIdentifier>() - .unwrap(), + pk.algorithm.parameters.unwrap().oid().unwrap(), "1.2.840.10045.3.1.7".parse().unwrap() ); @@ -129,7 +124,7 @@ fn decode_x25519_der() { #[cfg(feature = "alloc")] fn encode_ec_p256_der() { let pk = PrivateKeyInfo::try_from(EC_P256_DER_EXAMPLE).unwrap(); - let pk_encoded = pk.to_der().unwrap(); + let pk_encoded = pk.to_vec().unwrap(); assert_eq!(EC_P256_DER_EXAMPLE, pk_encoded); } @@ -137,14 +132,14 @@ fn encode_ec_p256_der() { #[cfg(feature = "alloc")] fn encode_ed25519_der_v1() { let pk = PrivateKeyInfo::try_from(ED25519_DER_V1_EXAMPLE).unwrap(); - assert_eq!(ED25519_DER_V1_EXAMPLE, pk.to_der().unwrap()); + assert_eq!(ED25519_DER_V1_EXAMPLE, pk.to_vec().unwrap()); } #[test] #[cfg(all(feature = "alloc", feature = "subtle"))] fn encode_ed25519_der_v2() { let private_key = PrivateKeyInfo::try_from(ED25519_DER_V2_EXAMPLE).unwrap(); - let private_der = private_key.to_der().unwrap(); + let private_der = private_key.to_vec().unwrap(); assert_eq!( private_key, PrivateKeyInfo::try_from(private_der.as_ref()).unwrap() @@ -155,7 +150,7 @@ fn encode_ed25519_der_v2() { #[cfg(feature = "alloc")] fn encode_rsa_2048_der() { let pk = PrivateKeyInfo::try_from(RSA_2048_DER_EXAMPLE).unwrap(); - assert_eq!(RSA_2048_DER_EXAMPLE, &pk.to_der().unwrap()); + assert_eq!(RSA_2048_DER_EXAMPLE, &pk.to_vec().unwrap()); } #[test] diff --git a/tests/traits.rs b/tests/traits.rs index 4a603bb..1c8a969 100644 --- a/tests/traits.rs +++ b/tests/traits.rs @@ -30,6 +30,12 @@ impl AsRef<[u8]> for MockKey { } } +impl DecodePrivateKey for MockKey { + fn from_pkcs8_der(bytes: &[u8]) -> Result<MockKey> { + Ok(MockKey(bytes.to_vec())) + } +} + impl EncodePrivateKey for MockKey { fn to_pkcs8_der(&self) -> Result<SecretDocument> { Ok(SecretDocument::try_from(self.as_ref())?) @@ -40,7 +46,7 @@ impl TryFrom<PrivateKeyInfo<'_>> for MockKey { type Error = Error; fn try_from(pkcs8: PrivateKeyInfo<'_>) -> Result<MockKey> { - Ok(MockKey(pkcs8.to_der()?)) + Ok(MockKey(pkcs8.to_vec()?)) } } |