From 837b550238aa671a591ccf282dddeab29cadb206 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sat, 18 May 2024 04:49:42 +0200 Subject: Merging upstream version 1.71.1+dfsg1. Signed-off-by: Daniel Baumann --- vendor/pkcs8/src/encrypted_private_key_info.rs | 33 ++++++------ vendor/pkcs8/src/error.rs | 2 +- vendor/pkcs8/src/lib.rs | 23 +++++--- vendor/pkcs8/src/private_key_info.rs | 74 +++++++++++++------------- vendor/pkcs8/src/traits.rs | 27 ++++------ vendor/pkcs8/src/version.rs | 4 +- 6 files changed, 83 insertions(+), 80 deletions(-) (limited to 'vendor/pkcs8/src') diff --git a/vendor/pkcs8/src/encrypted_private_key_info.rs b/vendor/pkcs8/src/encrypted_private_key_info.rs index 460e3f6e3..d55949cad 100644 --- a/vendor/pkcs8/src/encrypted_private_key_info.rs +++ b/vendor/pkcs8/src/encrypted_private_key_info.rs @@ -2,7 +2,10 @@ use crate::{Error, Result}; use core::fmt; -use der::{asn1::OctetStringRef, Decode, DecodeValue, Encode, Header, Reader, Sequence}; +use der::{ + asn1::OctetStringRef, Decode, DecodeValue, Encode, EncodeValue, Header, Length, Reader, + Sequence, Writer, +}; use pkcs5::EncryptionScheme; #[cfg(feature = "alloc")] @@ -36,7 +39,6 @@ use der::pem::PemLabel; /// ``` /// /// [RFC 5208 Section 6]: https://tools.ietf.org/html/rfc5208#section-6 -#[cfg_attr(docsrs, doc(cfg(feature = "pkcs5")))] #[derive(Clone, Eq, PartialEq)] pub struct EncryptedPrivateKeyInfo<'a> { /// Algorithm identifier describing a password-based symmetric encryption @@ -51,7 +53,6 @@ impl<'a> EncryptedPrivateKeyInfo<'a> { /// Attempt to decrypt this encrypted private key using the provided /// password to derive an encryption key. #[cfg(feature = "encryption")] - #[cfg_attr(docsrs, doc(cfg(feature = "encryption")))] pub fn decrypt(&self, password: impl AsRef<[u8]>) -> Result { Ok(self .encryption_algorithm @@ -62,7 +63,6 @@ impl<'a> EncryptedPrivateKeyInfo<'a> { /// Encrypt the given ASN.1 DER document using a symmetric encryption key /// derived from the provided password. #[cfg(feature = "encryption")] - #[cfg_attr(docsrs, doc(cfg(feature = "encryption")))] pub(crate) fn encrypt( mut rng: impl CryptoRng + RngCore, password: impl AsRef<[u8]>, @@ -81,7 +81,6 @@ impl<'a> EncryptedPrivateKeyInfo<'a> { /// Encrypt this private key using a symmetric encryption key derived /// from the provided password and [`pbes2::Parameters`]. #[cfg(feature = "encryption")] - #[cfg_attr(docsrs, doc(cfg(feature = "encryption")))] pub(crate) fn encrypt_with( pbes2_params: pbes2::Parameters<'a>, password: impl AsRef<[u8]>, @@ -111,18 +110,21 @@ impl<'a> DecodeValue<'a> for EncryptedPrivateKeyInfo<'a> { } } -impl<'a> Sequence<'a> for EncryptedPrivateKeyInfo<'a> { - fn fields(&self, f: F) -> der::Result - where - F: FnOnce(&[&dyn Encode]) -> der::Result, - { - f(&[ - &self.encryption_algorithm, - &OctetStringRef::new(self.encrypted_data)?, - ]) +impl EncodeValue for EncryptedPrivateKeyInfo<'_> { + fn value_len(&self) -> der::Result { + self.encryption_algorithm.encoded_len()? + + OctetStringRef::new(self.encrypted_data)?.encoded_len()? + } + + fn encode_value(&self, writer: &mut impl Writer) -> der::Result<()> { + self.encryption_algorithm.encode(writer)?; + OctetStringRef::new(self.encrypted_data)?.encode(writer)?; + Ok(()) } } +impl<'a> Sequence<'a> for EncryptedPrivateKeyInfo<'a> {} + impl<'a> TryFrom<&'a [u8]> for EncryptedPrivateKeyInfo<'a> { type Error = Error; @@ -140,7 +142,6 @@ impl<'a> fmt::Debug for EncryptedPrivateKeyInfo<'a> { } #[cfg(feature = "alloc")] -#[cfg_attr(docsrs, doc(cfg(all(feature = "alloc", feature = "pkcs5"))))] impl TryFrom> for SecretDocument { type Error = Error; @@ -150,7 +151,6 @@ impl TryFrom> for SecretDocument { } #[cfg(feature = "alloc")] -#[cfg_attr(docsrs, doc(cfg(all(feature = "alloc", feature = "pkcs5"))))] impl TryFrom<&EncryptedPrivateKeyInfo<'_>> for SecretDocument { type Error = Error; @@ -160,7 +160,6 @@ impl TryFrom<&EncryptedPrivateKeyInfo<'_>> for SecretDocument { } #[cfg(feature = "pem")] -#[cfg_attr(docsrs, doc(cfg(feature = "pem")))] impl PemLabel for EncryptedPrivateKeyInfo<'_> { const PEM_LABEL: &'static str = "ENCRYPTED PRIVATE KEY"; } diff --git a/vendor/pkcs8/src/error.rs b/vendor/pkcs8/src/error.rs index bc4c2eafe..70c60aedb 100644 --- a/vendor/pkcs8/src/error.rs +++ b/vendor/pkcs8/src/error.rs @@ -26,7 +26,7 @@ pub enum Error { /// or [`SubjectPublicKeyInfo::subject_public_key`][`crate::SubjectPublicKeyInfo::subject_public_key`]. KeyMalformed, - /// [`AlgorithmIdentifier::parameters`][`crate::AlgorithmIdentifier::parameters`] + /// [`AlgorithmIdentifier::parameters`][`crate::AlgorithmIdentifierRef::parameters`] /// is malformed or otherwise encoded in an unexpected manner. ParametersMalformed, diff --git a/vendor/pkcs8/src/lib.rs b/vendor/pkcs8/src/lib.rs index 1d2dfa284..33ceef8e2 100644 --- a/vendor/pkcs8/src/lib.rs +++ b/vendor/pkcs8/src/lib.rs @@ -1,13 +1,19 @@ #![no_std] -#![cfg_attr(docsrs, feature(doc_cfg))] +#![cfg_attr(docsrs, feature(doc_auto_cfg))] #![doc = include_str!("../README.md")] #![doc( - html_logo_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg", - html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg", - html_root_url = "https://docs.rs/pkcs8/0.9.0-pre" + html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg", + html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg" +)] +#![forbid(unsafe_code)] +#![warn( + clippy::mod_module_files, + clippy::unwrap_used, + missing_docs, + rust_2018_idioms, + unused_lifetimes, + unused_qualifications )] -#![forbid(unsafe_code, clippy::unwrap_used)] -#![warn(missing_docs, rust_2018_idioms, unused_qualifications)] //! ## About this crate //! This library provides generalized PKCS#8 support designed to work with a @@ -84,7 +90,9 @@ pub use crate::{ version::Version, }; pub use der::{self, asn1::ObjectIdentifier, oid::AssociatedOid}; -pub use spki::{self, AlgorithmIdentifier, DecodePublicKey, SubjectPublicKeyInfo}; +pub use spki::{ + self, AlgorithmIdentifierRef, DecodePublicKey, SubjectPublicKeyInfo, SubjectPublicKeyInfoRef, +}; #[cfg(feature = "alloc")] pub use { @@ -94,7 +102,6 @@ pub use { }; #[cfg(feature = "pem")] -#[cfg_attr(docsrs, doc(cfg(feature = "pem")))] pub use der::pem::LineEnding; #[cfg(feature = "pkcs5")] diff --git a/vendor/pkcs8/src/private_key_info.rs b/vendor/pkcs8/src/private_key_info.rs index 52f0878d7..ecae624df 100644 --- a/vendor/pkcs8/src/private_key_info.rs +++ b/vendor/pkcs8/src/private_key_info.rs @@ -1,10 +1,11 @@ //! PKCS#8 `PrivateKeyInfo`. -use crate::{AlgorithmIdentifier, Error, Result, Version}; +use crate::{AlgorithmIdentifierRef, Error, Result, Version}; use core::fmt; use der::{ asn1::{AnyRef, BitStringRef, ContextSpecific, OctetStringRef}, - Decode, DecodeValue, Encode, Header, Reader, Sequence, TagMode, TagNumber, + Decode, DecodeValue, Encode, EncodeValue, Header, Length, Reader, Sequence, TagMode, TagNumber, + Writer, }; #[cfg(feature = "alloc")] @@ -29,7 +30,7 @@ const PUBLIC_KEY_TAG: TagNumber = TagNumber::N1; /// PKCS#8 `PrivateKeyInfo`. /// -/// ASN.1 structure containing an [`AlgorithmIdentifier`], private key +/// ASN.1 structure containing an `AlgorithmIdentifier`, private key /// data in an algorithm specific format, and optional attributes /// (ignored by this implementation). /// @@ -90,8 +91,8 @@ const PUBLIC_KEY_TAG: TagNumber = TagNumber::N1; /// [RFC 5958 Section 2]: https://datatracker.ietf.org/doc/html/rfc5958#section-2 #[derive(Clone)] pub struct PrivateKeyInfo<'a> { - /// X.509 [`AlgorithmIdentifier`] for the private key type. - pub algorithm: AlgorithmIdentifier<'a>, + /// X.509 `AlgorithmIdentifier` for the private key type. + pub algorithm: AlgorithmIdentifierRef<'a>, /// Private key data. pub private_key: &'a [u8], @@ -105,7 +106,7 @@ impl<'a> PrivateKeyInfo<'a> { /// /// This is a helper method which initializes `attributes` and `public_key` /// to `None`, helpful if you aren't using those. - pub fn new(algorithm: AlgorithmIdentifier<'a>, private_key: &'a [u8]) -> Self { + pub fn new(algorithm: AlgorithmIdentifierRef<'a>, private_key: &'a [u8]) -> Self { Self { algorithm, private_key, @@ -134,28 +135,39 @@ impl<'a> PrivateKeyInfo<'a> { /// - p: 1 /// - Cipher: AES-256-CBC (best available option for PKCS#5 encryption) #[cfg(feature = "encryption")] - #[cfg_attr(docsrs, doc(cfg(feature = "encryption")))] pub fn encrypt( &self, rng: impl CryptoRng + RngCore, password: impl AsRef<[u8]>, ) -> Result { - let der = Zeroizing::new(self.to_vec()?); + let der = Zeroizing::new(self.to_der()?); EncryptedPrivateKeyInfo::encrypt(rng, password, der.as_ref()) } /// Encrypt this private key using a symmetric encryption key derived /// from the provided password and [`pbes2::Parameters`]. #[cfg(feature = "encryption")] - #[cfg_attr(docsrs, doc(cfg(feature = "encryption")))] pub fn encrypt_with_params( &self, pbes2_params: pbes2::Parameters<'_>, password: impl AsRef<[u8]>, ) -> Result { - let der = Zeroizing::new(self.to_vec()?); + let der = Zeroizing::new(self.to_der()?); EncryptedPrivateKeyInfo::encrypt_with(pbes2_params, password, der.as_ref()) } + + /// Get a `BIT STRING` representation of the public key, if present. + fn public_key_bit_string(&self) -> der::Result>>> { + self.public_key + .map(|pk| { + BitStringRef::from_bytes(pk).map(|value| ContextSpecific { + tag_number: PUBLIC_KEY_TAG, + tag_mode: TagMode::Implicit, + value, + }) + }) + .transpose() + } } impl<'a> DecodeValue<'a> for PrivateKeyInfo<'a> { @@ -201,29 +213,25 @@ impl<'a> DecodeValue<'a> for PrivateKeyInfo<'a> { } } -impl<'a> Sequence<'a> for PrivateKeyInfo<'a> { - fn fields(&self, f: F) -> der::Result - where - F: FnOnce(&[&dyn Encode]) -> der::Result, - { - f(&[ - &u8::from(self.version()), - &self.algorithm, - &OctetStringRef::new(self.private_key)?, - &self - .public_key - .map(|pk| { - BitStringRef::from_bytes(pk).map(|value| ContextSpecific { - tag_number: PUBLIC_KEY_TAG, - tag_mode: TagMode::Implicit, - value, - }) - }) - .transpose()?, - ]) +impl EncodeValue for PrivateKeyInfo<'_> { + fn value_len(&self) -> der::Result { + self.version().encoded_len()? + + self.algorithm.encoded_len()? + + OctetStringRef::new(self.private_key)?.encoded_len()? + + self.public_key_bit_string()?.encoded_len()? + } + + fn encode_value(&self, writer: &mut impl Writer) -> der::Result<()> { + self.version().encode(writer)?; + self.algorithm.encode(writer)?; + OctetStringRef::new(self.private_key)?.encode(writer)?; + self.public_key_bit_string()?.encode(writer)?; + Ok(()) } } +impl<'a> Sequence<'a> for PrivateKeyInfo<'a> {} + impl<'a> TryFrom<&'a [u8]> for PrivateKeyInfo<'a> { type Error = Error; @@ -243,7 +251,6 @@ impl<'a> fmt::Debug for PrivateKeyInfo<'a> { } #[cfg(feature = "alloc")] -#[cfg_attr(docsrs, doc(cfg(feature = "alloc")))] impl TryFrom> for SecretDocument { type Error = Error; @@ -253,7 +260,6 @@ impl TryFrom> for SecretDocument { } #[cfg(feature = "alloc")] -#[cfg_attr(docsrs, doc(cfg(feature = "alloc")))] impl TryFrom<&PrivateKeyInfo<'_>> for SecretDocument { type Error = Error; @@ -263,13 +269,11 @@ impl TryFrom<&PrivateKeyInfo<'_>> for SecretDocument { } #[cfg(feature = "pem")] -#[cfg_attr(docsrs, doc(cfg(feature = "pem")))] impl PemLabel for PrivateKeyInfo<'_> { const PEM_LABEL: &'static str = "PRIVATE KEY"; } #[cfg(feature = "subtle")] -#[cfg_attr(docsrs, doc(cfg(feature = "subtle")))] impl<'a> ConstantTimeEq for PrivateKeyInfo<'a> { fn ct_eq(&self, other: &Self) -> Choice { // NOTE: public fields are not compared in constant time @@ -281,11 +285,9 @@ impl<'a> ConstantTimeEq for PrivateKeyInfo<'a> { } #[cfg(feature = "subtle")] -#[cfg_attr(docsrs, doc(cfg(feature = "subtle")))] impl<'a> Eq for PrivateKeyInfo<'a> {} #[cfg(feature = "subtle")] -#[cfg_attr(docsrs, doc(cfg(feature = "subtle")))] impl<'a> PartialEq for PrivateKeyInfo<'a> { fn eq(&self, other: &Self) -> bool { self.ct_eq(other).into() diff --git a/vendor/pkcs8/src/traits.rs b/vendor/pkcs8/src/traits.rs index dd86b90ef..b4f80b2e7 100644 --- a/vendor/pkcs8/src/traits.rs +++ b/vendor/pkcs8/src/traits.rs @@ -21,17 +21,14 @@ use der::pem::PemLabel; use std::path::Path; /// Parse a private key object from a PKCS#8 encoded document. -pub trait DecodePrivateKey: for<'a> TryFrom, Error = Error> + Sized { +pub trait DecodePrivateKey: Sized { /// Deserialize PKCS#8 private key from ASN.1 DER-encoded data /// (binary format). - fn from_pkcs8_der(bytes: &[u8]) -> Result { - Self::try_from(PrivateKeyInfo::try_from(bytes)?) - } + fn from_pkcs8_der(bytes: &[u8]) -> Result; /// Deserialize encrypted PKCS#8 private key from ASN.1 DER-encoded data /// (binary format) and attempt to decrypt it using the provided password. #[cfg(feature = "encryption")] - #[cfg_attr(docsrs, doc(cfg(feature = "encryption")))] fn from_pkcs8_encrypted_der(bytes: &[u8], password: impl AsRef<[u8]>) -> Result { let doc = EncryptedPrivateKeyInfo::try_from(bytes)?.decrypt(password)?; Self::from_pkcs8_der(doc.as_bytes()) @@ -45,7 +42,6 @@ pub trait DecodePrivateKey: for<'a> TryFrom, Error = Error> + /// -----BEGIN PRIVATE KEY----- /// ``` #[cfg(feature = "pem")] - #[cfg_attr(docsrs, doc(cfg(feature = "pem")))] fn from_pkcs8_pem(s: &str) -> Result { let (label, doc) = SecretDocument::from_pem(s)?; PrivateKeyInfo::validate_pem_label(label)?; @@ -61,7 +57,6 @@ pub trait DecodePrivateKey: for<'a> TryFrom, Error = Error> + /// -----BEGIN ENCRYPTED PRIVATE KEY----- /// ``` #[cfg(all(feature = "encryption", feature = "pem"))] - #[cfg_attr(docsrs, doc(cfg(all(feature = "encryption", feature = "pem"))))] fn from_pkcs8_encrypted_pem(s: &str, password: impl AsRef<[u8]>) -> Result { let (label, doc) = SecretDocument::from_pem(s)?; EncryptedPrivateKeyInfo::validate_pem_label(label)?; @@ -71,15 +66,12 @@ pub trait DecodePrivateKey: for<'a> TryFrom, Error = Error> + /// Load PKCS#8 private key from an ASN.1 DER-encoded file on the local /// filesystem (binary format). #[cfg(feature = "std")] - #[cfg_attr(docsrs, doc(cfg(feature = "std")))] fn read_pkcs8_der_file(path: impl AsRef) -> Result { Self::from_pkcs8_der(SecretDocument::read_der_file(path)?.as_bytes()) } /// Load PKCS#8 private key from a PEM-encoded file on the local filesystem. #[cfg(all(feature = "pem", feature = "std"))] - #[cfg_attr(docsrs, doc(cfg(feature = "pem")))] - #[cfg_attr(docsrs, doc(cfg(feature = "std")))] fn read_pkcs8_pem_file(path: impl AsRef) -> Result { let (label, doc) = SecretDocument::read_pem_file(path)?; PrivateKeyInfo::validate_pem_label(&label)?; @@ -87,9 +79,17 @@ pub trait DecodePrivateKey: for<'a> TryFrom, Error = Error> + } } +impl DecodePrivateKey for T +where + T: for<'a> TryFrom, Error = Error>, +{ + fn from_pkcs8_der(bytes: &[u8]) -> Result { + Self::try_from(PrivateKeyInfo::try_from(bytes)?) + } +} + /// Serialize a private key object to a PKCS#8 encoded document. #[cfg(feature = "alloc")] -#[cfg_attr(docsrs, doc(cfg(feature = "alloc")))] pub trait EncodePrivateKey { /// Serialize a [`SecretDocument`] containing a PKCS#8-encoded private key. fn to_pkcs8_der(&self) -> Result; @@ -97,7 +97,6 @@ pub trait EncodePrivateKey { /// Create an [`SecretDocument`] containing the ciphertext of /// a PKCS#8 encoded private key encrypted under the given `password`. #[cfg(feature = "encryption")] - #[cfg_attr(docsrs, doc(cfg(feature = "encryption")))] fn to_pkcs8_encrypted_der( &self, rng: impl CryptoRng + RngCore, @@ -108,7 +107,6 @@ pub trait EncodePrivateKey { /// Serialize this private key as PEM-encoded PKCS#8 with the given [`LineEnding`]. #[cfg(feature = "pem")] - #[cfg_attr(docsrs, doc(cfg(feature = "pem")))] fn to_pkcs8_pem(&self, line_ending: LineEnding) -> Result> { let doc = self.to_pkcs8_der()?; Ok(doc.to_pem(PrivateKeyInfo::PEM_LABEL, line_ending)?) @@ -117,7 +115,6 @@ pub trait EncodePrivateKey { /// Serialize this private key as an encrypted PEM-encoded PKCS#8 private /// key using the `provided` to derive an encryption key. #[cfg(all(feature = "encryption", feature = "pem"))] - #[cfg_attr(docsrs, doc(cfg(all(feature = "encryption", feature = "pem"))))] fn to_pkcs8_encrypted_pem( &self, rng: impl CryptoRng + RngCore, @@ -130,14 +127,12 @@ pub trait EncodePrivateKey { /// Write ASN.1 DER-encoded PKCS#8 private key to the given path #[cfg(feature = "std")] - #[cfg_attr(docsrs, doc(cfg(feature = "std")))] fn write_pkcs8_der_file(&self, path: impl AsRef) -> Result<()> { Ok(self.to_pkcs8_der()?.write_der_file(path)?) } /// Write ASN.1 DER-encoded PKCS#8 private key to the given path #[cfg(all(feature = "pem", feature = "std"))] - #[cfg_attr(docsrs, doc(cfg(all(feature = "pem", feature = "std"))))] fn write_pkcs8_pem_file(&self, path: impl AsRef, line_ending: LineEnding) -> Result<()> { let doc = self.to_pkcs8_der()?; Ok(doc.write_pem_file(path, PrivateKeyInfo::PEM_LABEL, line_ending)?) diff --git a/vendor/pkcs8/src/version.rs b/vendor/pkcs8/src/version.rs index 339368392..0ca80bc48 100644 --- a/vendor/pkcs8/src/version.rs +++ b/vendor/pkcs8/src/version.rs @@ -6,7 +6,7 @@ use der::{Decode, Encode, FixedTag, Reader, Tag, Writer}; /// Version identifier for PKCS#8 documents. /// /// (RFC 5958 designates `0` and `1` as the only valid versions for PKCS#8 documents) -#[derive(Clone, Debug, Copy, PartialEq)] +#[derive(Clone, Debug, Copy, PartialEq, Eq)] pub enum Version { /// Denotes PKCS#8 v1: no public key field. V1 = 0, @@ -36,7 +36,7 @@ impl Encode for Version { der::Length::from(1u8).for_tlv() } - fn encode(&self, writer: &mut dyn Writer) -> der::Result<()> { + fn encode(&self, writer: &mut impl Writer) -> der::Result<()> { u8::from(*self).encode(writer) } } -- cgit v1.2.3