pkcs8 API changes (#446)

baloo · web-flow · commit aeedb5adf529 · 2024-09-05T17:34:06.000-06:00
see RustCrypto/formats#1483
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -65,3 +65,7 @@ rustdoc-args = ["--cfg", "docsrs"]
 
 [profile.dev]
 opt-level = 2
+
+[patch.crates-io]
+pkcs1 = { git = "https://github.com/RustCrypto/formats.git" }
+pkcs8 = { git = "https://github.com/RustCrypto/formats.git" }
diff --git a/src/encoding.rs b/src/encoding.rs
@@ -9,7 +9,8 @@ use crate::{
 };
 use core::convert::{TryFrom, TryInto};
 use pkcs8::{
-    der::Encode, Document, EncodePrivateKey, EncodePublicKey, ObjectIdentifier, SecretDocument,
+    der::{asn1::OctetStringRef, Encode},
+    Document, EncodePrivateKey, EncodePublicKey, ObjectIdentifier, SecretDocument,
 };
 use zeroize::Zeroizing;
 
@@ -37,10 +38,10 @@ pub(crate) fn verify_algorithm_id(
     Ok(())
 }
 
-impl TryFrom<pkcs8::PrivateKeyInfo<'_>> for RsaPrivateKey {
+impl TryFrom<pkcs8::PrivateKeyInfoRef<'_>> for RsaPrivateKey {
     type Error = pkcs8::Error;
 
-    fn try_from(private_key_info: pkcs8::PrivateKeyInfo<'_>) -> pkcs8::Result<Self> {
+    fn try_from(private_key_info: pkcs8::PrivateKeyInfoRef<'_>) -> pkcs8::Result<Self> {
         verify_algorithm_id(&private_key_info.algorithm)?;
 
         let pkcs1_key = pkcs1::RsaPrivateKey::try_from(private_key_info.private_key)?;
@@ -110,7 +111,11 @@ impl EncodePrivateKey for RsaPrivateKey {
         }
         .to_der()?;
 
-        pkcs8::PrivateKeyInfo::new(pkcs1::ALGORITHM_ID, private_key.as_ref()).try_into()
+        pkcs8::PrivateKeyInfoRef::new(
+            pkcs1::ALGORITHM_ID,
+            OctetStringRef::new(private_key.as_ref())?,
+        )
+        .try_into()
     }
 }
 
diff --git a/src/pkcs1v15/signing_key.rs b/src/pkcs1v15/signing_key.rs
@@ -247,13 +247,13 @@ where
         };
 }
 
-impl<D> TryFrom<pkcs8::PrivateKeyInfo<'_>> for SigningKey<D>
+impl<D> TryFrom<pkcs8::PrivateKeyInfoRef<'_>> for SigningKey<D>
 where
     D: Digest + AssociatedOid,
 {
     type Error = pkcs8::Error;
 
-    fn try_from(private_key_info: pkcs8::PrivateKeyInfo<'_>) -> pkcs8::Result<Self> {
+    fn try_from(private_key_info: pkcs8::PrivateKeyInfoRef<'_>) -> pkcs8::Result<Self> {
         private_key_info
             .algorithm
             .assert_algorithm_oid(pkcs1::ALGORITHM_OID)?;
diff --git a/src/pss/blinded_signing_key.rs b/src/pss/blinded_signing_key.rs
@@ -201,13 +201,13 @@ where
     }
 }
 
-impl<D> TryFrom<pkcs8::PrivateKeyInfo<'_>> for BlindedSigningKey<D>
+impl<D> TryFrom<pkcs8::PrivateKeyInfoRef<'_>> for BlindedSigningKey<D>
 where
     D: Digest + AssociatedOid,
 {
     type Error = pkcs8::Error;
 
-    fn try_from(private_key_info: pkcs8::PrivateKeyInfo<'_>) -> pkcs8::Result<Self> {
+    fn try_from(private_key_info: pkcs8::PrivateKeyInfoRef<'_>) -> pkcs8::Result<Self> {
         RsaPrivateKey::try_from(private_key_info).map(Self::new)
     }
 }
diff --git a/src/pss/signing_key.rs b/src/pss/signing_key.rs
@@ -225,13 +225,13 @@ where
     }
 }
 
-impl<D> TryFrom<pkcs8::PrivateKeyInfo<'_>> for SigningKey<D>
+impl<D> TryFrom<pkcs8::PrivateKeyInfoRef<'_>> for SigningKey<D>
 where
     D: Digest + AssociatedOid,
 {
     type Error = pkcs8::Error;
 
-    fn try_from(private_key_info: pkcs8::PrivateKeyInfo<'_>) -> pkcs8::Result<Self> {
+    fn try_from(private_key_info: pkcs8::PrivateKeyInfoRef<'_>) -> pkcs8::Result<Self> {
         verify_algorithm_id(&private_key_info.algorithm)?;
         RsaPrivateKey::try_from(private_key_info).map(Self::new)
     }

Original file line number	Diff line number	Diff line change
`@@ -247,13 +247,13 @@ where`
`247`	`247`	`};`
`248`	`248`	`}`
`249`	`249`
`250`		`-impl<D> TryFrom<pkcs8::PrivateKeyInfo<'_>> for SigningKey<D>`
	`250`	`+impl<D> TryFrom<pkcs8::PrivateKeyInfoRef<'_>> for SigningKey<D>`
`251`	`251`	`where`
`252`	`252`	`D: Digest + AssociatedOid,`
`253`	`253`	`{`
`254`	`254`	`type Error = pkcs8::Error;`
`255`	`255`
`256`		`- fn try_from(private_key_info: pkcs8::PrivateKeyInfo<'_>) -> pkcs8::Result<Self> {`
	`256`	`+ fn try_from(private_key_info: pkcs8::PrivateKeyInfoRef<'_>) -> pkcs8::Result<Self> {`
`257`	`257`	`private_key_info`
`258`	`258`	`.algorithm`
`259`	`259`	`.assert_algorithm_oid(pkcs1::ALGORITHM_OID)?;`
Original file line number	Diff line number	Diff line change
`@@ -201,13 +201,13 @@ where`
`201`	`201`	`}`
`202`	`202`	`}`
`203`	`203`
`204`		`-impl<D> TryFrom<pkcs8::PrivateKeyInfo<'_>> for BlindedSigningKey<D>`
	`204`	`+impl<D> TryFrom<pkcs8::PrivateKeyInfoRef<'_>> for BlindedSigningKey<D>`
`205`	`205`	`where`
`206`	`206`	`D: Digest + AssociatedOid,`
`207`	`207`	`{`
`208`	`208`	`type Error = pkcs8::Error;`
`209`	`209`
`210`		`- fn try_from(private_key_info: pkcs8::PrivateKeyInfo<'_>) -> pkcs8::Result<Self> {`
	`210`	`+ fn try_from(private_key_info: pkcs8::PrivateKeyInfoRef<'_>) -> pkcs8::Result<Self> {`
`211`	`211`	`RsaPrivateKey::try_from(private_key_info).map(Self::new)`
`212`	`212`	`}`
`213`	`213`	`}`
Original file line number	Diff line number	Diff line change
`@@ -225,13 +225,13 @@ where`
`225`	`225`	`}`
`226`	`226`	`}`
`227`	`227`
`228`		`-impl<D> TryFrom<pkcs8::PrivateKeyInfo<'_>> for SigningKey<D>`
	`228`	`+impl<D> TryFrom<pkcs8::PrivateKeyInfoRef<'_>> for SigningKey<D>`
`229`	`229`	`where`
`230`	`230`	`D: Digest + AssociatedOid,`
`231`	`231`	`{`
`232`	`232`	`type Error = pkcs8::Error;`
`233`	`233`
`234`		`- fn try_from(private_key_info: pkcs8::PrivateKeyInfo<'_>) -> pkcs8::Result<Self> {`
	`234`	`+ fn try_from(private_key_info: pkcs8::PrivateKeyInfoRef<'_>) -> pkcs8::Result<Self> {`
`235`	`235`	`verify_algorithm_id(&private_key_info.algorithm)?;`
`236`	`236`	`RsaPrivateKey::try_from(private_key_info).map(Self::new)`
`237`	`237`	`}`