1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2024-12-23 15:49:44 -05:00

chore(ext/crypto): upgrade ec crates

This commit is contained in:
Divy Srivastava 2023-11-04 09:59:25 +05:30
parent 46faf37ec0
commit 5202f5460d
8 changed files with 101 additions and 237 deletions

210
Cargo.lock generated
View file

@ -745,18 +745,6 @@ dependencies = [
"cfg-if",
]
[[package]]
name = "crypto-bigint"
version = "0.4.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ef2b4b23cddf68b89b8f8069890e8c270d54e2d5fe1b143820234805e4cb17ef"
dependencies = [
"generic-array",
"rand_core",
"subtle",
"zeroize",
]
[[package]]
name = "crypto-bigint"
version = "0.5.3"
@ -1177,11 +1165,11 @@ dependencies = [
"curve25519-dalek",
"deno_core",
"deno_web",
"elliptic-curve 0.12.3",
"elliptic-curve",
"num-traits",
"once_cell",
"p256 0.11.1",
"p384 0.11.2",
"p256",
"p384",
"rand",
"ring",
"rsa",
@ -1191,7 +1179,7 @@ dependencies = [
"sha1",
"sha2",
"signature 1.6.4",
"spki 0.6.0",
"spki",
"tokio",
"uuid",
"x25519-dalek",
@ -1489,7 +1477,7 @@ dependencies = [
"digest",
"dsa",
"ecb",
"elliptic-curve 0.13.5",
"elliptic-curve",
"errno 0.2.8",
"h2",
"hex",
@ -1508,8 +1496,8 @@ dependencies = [
"num-traits",
"once_cell",
"p224",
"p256 0.13.2",
"p384 0.13.0",
"p256",
"p384",
"path-clean",
"pbkdf2",
"rand",
@ -1829,8 +1817,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f1a467a65c5e759bce6e65eaf91cc29f466cdc57cb65777bd646872a8a1fd4de"
dependencies = [
"const-oid",
"pem-rfc7468 0.6.0",
"zeroize",
]
[[package]]
@ -1840,7 +1826,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fffa369a668c8af7dbf8b5e56c9f744fbd399949ed171606040001947de40b1c"
dependencies = [
"const-oid",
"pem-rfc7468 0.7.0",
"pem-rfc7468",
"zeroize",
]
@ -2066,8 +2052,8 @@ dependencies = [
"digest",
"num-bigint-dig",
"num-traits",
"pkcs8 0.10.2",
"rfc6979 0.4.0",
"pkcs8",
"rfc6979",
"sha2",
"signature 2.1.0",
"zeroize",
@ -2114,18 +2100,6 @@ dependencies = [
"cipher",
]
[[package]]
name = "ecdsa"
version = "0.14.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "413301934810f597c1d19ca71c8710e99a3f1ba28a0d2ebc01551a2daeea3c5c"
dependencies = [
"der 0.6.1",
"elliptic-curve 0.12.3",
"rfc6979 0.3.1",
"signature 1.6.4",
]
[[package]]
name = "ecdsa"
version = "0.16.8"
@ -2134,10 +2108,10 @@ checksum = "a4b1e0c257a9e9f25f90ff76d7a68360ed497ee519c8e428d1825ef0000799d4"
dependencies = [
"der 0.7.8",
"digest",
"elliptic-curve 0.13.5",
"rfc6979 0.4.0",
"elliptic-curve",
"rfc6979",
"signature 2.1.0",
"spki 0.7.2",
"spki",
]
[[package]]
@ -2146,28 +2120,6 @@ version = "1.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a26ae43d7bcc3b814de94796a5e736d4029efb0ee900c12e2d54c993ad1a1e07"
[[package]]
name = "elliptic-curve"
version = "0.12.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e7bb888ab5300a19b8e5bceef25ac745ad065f3c9f7efc6de1b91958110891d3"
dependencies = [
"base16ct 0.1.1",
"crypto-bigint 0.4.9",
"der 0.6.1",
"digest",
"ff 0.12.1",
"generic-array",
"group 0.12.1",
"hkdf",
"pem-rfc7468 0.6.0",
"pkcs8 0.9.0",
"rand_core",
"sec1 0.3.0",
"subtle",
"zeroize",
]
[[package]]
name = "elliptic-curve"
version = "0.13.5"
@ -2175,14 +2127,14 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "968405c8fdc9b3bf4df0a6638858cc0b52462836ab6b1c87377785dd09cf1c0b"
dependencies = [
"base16ct 0.2.0",
"crypto-bigint 0.5.3",
"crypto-bigint",
"digest",
"ff 0.13.0",
"ff",
"generic-array",
"group 0.13.0",
"group",
"hkdf",
"pem-rfc7468 0.7.0",
"pkcs8 0.10.2",
"pem-rfc7468",
"pkcs8",
"rand_core",
"sec1 0.7.3",
"subtle",
@ -2379,16 +2331,6 @@ dependencies = [
"windows-sys",
]
[[package]]
name = "ff"
version = "0.12.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d013fc25338cc558c5c2cfbad646908fb23591e2404481826742b651c9af7160"
dependencies = [
"rand_core",
"subtle",
]
[[package]]
name = "ff"
version = "0.13.0"
@ -2665,24 +2607,13 @@ version = "0.3.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b"
[[package]]
name = "group"
version = "0.12.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5dfbfb3a6cfbd390d5c9564ab283a0349b9b9fcd46a706c1eb10e0db70bfbac7"
dependencies = [
"ff 0.12.1",
"rand_core",
"subtle",
]
[[package]]
name = "group"
version = "0.13.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63"
dependencies = [
"ff 0.13.0",
"ff",
"rand_core",
"subtle",
]
@ -3718,54 +3649,32 @@ version = "0.13.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "30c06436d66652bc2f01ade021592c80a2aad401570a18aa18b82e440d2b9aa1"
dependencies = [
"ecdsa 0.16.8",
"elliptic-curve 0.13.5",
"ecdsa",
"elliptic-curve",
"primeorder",
"sha2",
]
[[package]]
name = "p256"
version = "0.11.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "51f44edd08f51e2ade572f141051021c5af22677e42b7dd28a88155151c33594"
dependencies = [
"ecdsa 0.14.8",
"elliptic-curve 0.12.3",
"sha2",
]
[[package]]
name = "p256"
version = "0.13.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c9863ad85fa8f4460f9c48cb909d38a0d689dba1f6f6988a5e3e0d31071bcd4b"
dependencies = [
"ecdsa 0.16.8",
"elliptic-curve 0.13.5",
"ecdsa",
"elliptic-curve",
"primeorder",
"sha2",
]
[[package]]
name = "p384"
version = "0.11.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dfc8c5bf642dde52bb9e87c0ecd8ca5a76faac2eeed98dedb7c717997e1080aa"
dependencies = [
"ecdsa 0.14.8",
"elliptic-curve 0.12.3",
"sha2",
]
[[package]]
name = "p384"
version = "0.13.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "70786f51bcc69f6a4c0360e063a4cac5419ef7c5cd5b3c99ad70f3be5ba79209"
dependencies = [
"ecdsa 0.16.8",
"elliptic-curve 0.13.5",
"ecdsa",
"elliptic-curve",
"primeorder",
"sha2",
]
@ -3860,15 +3769,6 @@ dependencies = [
"hmac",
]
[[package]]
name = "pem-rfc7468"
version = "0.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "24d159833a9105500e0398934e205e0773f0b27529557134ecfc51c27646adac"
dependencies = [
"base64ct",
]
[[package]]
name = "pem-rfc7468"
version = "0.7.0"
@ -3977,18 +3877,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c8ffb9f10fa047879315e6625af03c164b16962a5368d724ed16323b68ace47f"
dependencies = [
"der 0.7.8",
"pkcs8 0.10.2",
"spki 0.7.2",
]
[[package]]
name = "pkcs8"
version = "0.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9eca2c590a5f85da82668fa685c09ce2888b9430e83299debf1f34b65fd4a4ba"
dependencies = [
"der 0.6.1",
"spki 0.6.0",
"pkcs8",
"spki",
]
[[package]]
@ -3998,7 +3888,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7"
dependencies = [
"der 0.7.8",
"spki 0.7.2",
"spki",
]
[[package]]
@ -4088,7 +3978,7 @@ version = "0.13.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3c2fcef82c0ec6eefcc179b978446c399b3cdf73c392c35604e399eee6df1ee3"
dependencies = [
"elliptic-curve 0.13.5",
"elliptic-curve",
]
[[package]]
@ -4414,17 +4304,6 @@ dependencies = [
"quick-error",
]
[[package]]
name = "rfc6979"
version = "0.3.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7743f17af12fa0b03b803ba12cd6a8d9483a587e89c69445e3909655c0b9fabb"
dependencies = [
"crypto-bigint 0.4.9",
"hmac",
"zeroize",
]
[[package]]
name = "rfc6979"
version = "0.4.0"
@ -4470,10 +4349,10 @@ dependencies = [
"num-integer",
"num-traits",
"pkcs1",
"pkcs8 0.10.2",
"pkcs8",
"rand_core",
"signature 2.1.0",
"spki 0.7.2",
"spki",
"subtle",
"zeroize",
]
@ -4749,9 +4628,6 @@ dependencies = [
"base16ct 0.1.1",
"der 0.6.1",
"generic-array",
"pkcs8 0.9.0",
"subtle",
"zeroize",
]
[[package]]
@ -4763,16 +4639,16 @@ dependencies = [
"base16ct 0.2.0",
"der 0.7.8",
"generic-array",
"pkcs8 0.10.2",
"pkcs8",
"subtle",
"zeroize",
]
[[package]]
name = "secp256k1"
version = "0.27.0"
version = "0.28.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "25996b82292a7a57ed3508f052cfff8640d38d32018784acd714758b43da9c8f"
checksum = "2acea373acb8c21ecb5a23741452acd2593ed44ee3d343e72baaa143bc89d0d5"
dependencies = [
"rand",
"secp256k1-sys",
@ -4780,9 +4656,9 @@ dependencies = [
[[package]]
name = "secp256k1-sys"
version = "0.8.1"
version = "0.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "70a129b9e9efbfb223753b9163c4ab3b13cff7fd9c7f010fbac25ab4099fa07e"
checksum = "09e67c467c38fd24bd5499dc9a18183b31575c12ee549197e3e20d57aa4fe3b7"
dependencies = [
"cc",
]
@ -4980,10 +4856,6 @@ name = "signature"
version = "1.6.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "74233d3b3b2f6d4b006dc19dee745e73e2a6bfb6f93607cd3b02bd5b00797d7c"
dependencies = [
"digest",
"rand_core",
]
[[package]]
name = "signature"
@ -5106,16 +4978,6 @@ version = "0.9.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67"
[[package]]
name = "spki"
version = "0.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "67cf02bbac7a337dc36e4f5a693db6c21e7863f45070f7064577eb4367a3212b"
dependencies = [
"base64ct",
"der 0.6.1",
]
[[package]]
name = "spki"
version = "0.7.2"

View file

@ -137,7 +137,7 @@ serde = { version = "1.0.149", features = ["derive"] }
serde_bytes = "0.11"
serde_json = "1.0.85"
serde_repr = "=0.1.16"
sha2 = { version = "0.10.6", features = ["oid"] }
sha2 = { version = "0.10.8", features = ["oid"] }
signature = "=1.6.4"
slab = "0.4"
smallvec = "1.8"

View file

@ -25,22 +25,21 @@ ctr = "0.9.1"
curve25519-dalek = "4.1.1"
deno_core.workspace = true
deno_web.workspace = true
elliptic-curve = { version = "0.12.1", features = ["std", "pem"] }
elliptic-curve = { version = "0.13.1", features = ["std", "pem"] }
num-traits = "0.2.14"
once_cell.workspace = true
p256 = { version = "0.11.1", features = ["ecdh"] }
p384 = "0.11.1"
p256 = { version = "0.13.2", features = ["ecdh"] }
p384 = "0.13.0"
rand.workspace = true
ring = { workspace = true, features = ["std"] }
rsa.workspace = true
sec1 = "0.3.0"
serde.workspace = true
serde_bytes.workspace = true
sha1 = { version = "0.10.5", features = ["oid"] }
sha1 = { version = "0.10.6", features = ["oid"] }
sha2.workspace = true
signature.workspace = true
spki = "0.6.0"
spki = "0.7.2"
tokio.workspace = true
uuid.workspace = true
# https://github.com/dalek-cryptography/x25519-dalek/pull/89
x25519-dalek = "2.0.0-pre.1"
x25519-dalek = "2.0.0"

View file

@ -11,6 +11,7 @@ use rand::rngs::OsRng;
use rand::RngCore;
use ring::signature::Ed25519KeyPair;
use ring::signature::KeyPair;
use spki::der::asn1::BitString;
use spki::der::Decode;
use spki::der::Encode;
@ -65,7 +66,7 @@ pub fn op_crypto_import_spki_ed25519(
#[buffer] out: &mut [u8],
) -> bool {
// 2-3.
let pk_info = match spki::SubjectPublicKeyInfo::from_der(key_data) {
let pk_info = match spki::SubjectPublicKeyInfoRef::try_from(key_data) {
Ok(pk_info) => pk_info,
Err(_) => return false,
};
@ -78,7 +79,7 @@ pub fn op_crypto_import_spki_ed25519(
if pk_info.algorithm.parameters.is_some() {
return false;
}
out.copy_from_slice(pk_info.subject_public_key);
out.copy_from_slice(pk_info.subject_public_key.raw_bytes());
true
}
@ -117,16 +118,16 @@ pub fn op_crypto_export_spki_ed25519(
#[buffer] pubkey: &[u8],
) -> Result<ToJsBuffer, AnyError> {
let key_info = spki::SubjectPublicKeyInfo {
algorithm: spki::AlgorithmIdentifier {
algorithm: spki::AlgorithmIdentifierOwned {
// id-Ed25519
oid: ED25519_OID,
parameters: None,
},
subject_public_key: pubkey,
subject_public_key: BitString::from_bytes(pubkey)?,
};
Ok(
key_info
.to_vec()
.to_der()
.map_err(|_| {
custom_error("DOMExceptionOperationError", "Failed to export key")
})?

View file

@ -16,7 +16,9 @@ use rsa::pkcs8::der::Encode;
use serde::Deserialize;
use serde::Serialize;
use spki::der::asn1;
use spki::der::asn1::BitString;
use spki::AlgorithmIdentifier;
use spki::AlgorithmIdentifierOwned;
use crate::shared::*;
@ -126,7 +128,6 @@ fn export_key_rsa(
) -> Result<ExportKeyResult, deno_core::anyhow::Error> {
match format {
ExportKeyFormat::Spki => {
use spki::der::Encode;
let subject_public_key = &key_data.as_rsa_public_key()?;
// the SPKI structure
@ -138,11 +139,11 @@ fn export_key_rsa(
// It MUST have ASN.1 type NULL.
parameters: Some(asn1::AnyRef::from(asn1::Null)),
},
subject_public_key,
subject_public_key: BitString::from_bytes(&subject_public_key).unwrap(),
};
// Infallible because we know the public key is valid.
let spki_der = key_info.to_vec().unwrap();
let spki_der = key_info.to_der().unwrap();
Ok(ExportKeyResult::Spki(spki_der.into()))
}
ExportKeyFormat::Pkcs8 => {
@ -259,8 +260,6 @@ fn export_key_ec(
Ok(ExportKeyResult::Raw(subject_public_key.into()))
}
ExportKeyFormat::Spki => {
use spki::der::Encode;
let subject_public_key = match named_curve {
EcNamedCurve::P256 => {
let point = key_data.as_ec_public_key_p256()?;
@ -278,11 +277,11 @@ fn export_key_ec(
};
let alg_id = match named_curve {
EcNamedCurve::P256 => AlgorithmIdentifier {
EcNamedCurve::P256 => AlgorithmIdentifierOwned {
oid: elliptic_curve::ALGORITHM_OID,
parameters: Some((&p256::NistP256::OID).into()),
},
EcNamedCurve::P384 => AlgorithmIdentifier {
EcNamedCurve::P384 => AlgorithmIdentifierOwned {
oid: elliptic_curve::ALGORITHM_OID,
parameters: Some((&p384::NistP384::OID).into()),
},
@ -302,10 +301,10 @@ fn export_key_ec(
// the SPKI structure
let key_info = spki::SubjectPublicKeyInfo {
algorithm: alg_id,
subject_public_key: &subject_public_key,
subject_public_key: BitString::from_bytes(&subject_public_key).unwrap(),
};
let spki_der = key_info.to_vec().unwrap();
let spki_der = key_info.to_der().unwrap();
Ok(ExportKeyResult::Spki(spki_der.into()))
}
@ -374,7 +373,7 @@ fn export_key_ec(
Ok(ExportKeyResult::JwkPrivateEc {
x: bytes_to_b64(x),
y: bytes_to_b64(y),
d: bytes_to_b64(&ec_key.to_be_bytes()),
d: bytes_to_b64(&ec_key.to_bytes()),
})
} else {
Err(data_error("expected valid public EC key"))
@ -397,7 +396,7 @@ fn export_key_ec(
Ok(ExportKeyResult::JwkPrivateEc {
x: bytes_to_b64(x),
y: bytes_to_b64(y),
d: bytes_to_b64(&ec_key.to_be_bytes()),
d: bytes_to_b64(&ec_key.to_bytes()),
})
} else {
Err(data_error("expected valid public EC key"))

View file

@ -206,12 +206,10 @@ fn import_key_rsa_jwk(
fn import_key_rsassa(
key_data: KeyData,
) -> Result<ImportKeyResult, deno_core::anyhow::Error> {
use rsa::pkcs1::der::Decode;
match key_data {
KeyData::Spki(data) => {
// 2-3.
let pk_info = spki::SubjectPublicKeyInfo::from_der(&data)
let pk_info = spki::SubjectPublicKeyInfoRef::try_from(&*data)
.map_err(|e| data_error(e.to_string()))?;
// 4-5.
@ -223,21 +221,24 @@ fn import_key_rsassa(
}
// 8-9.
let public_key =
rsa::pkcs1::RsaPublicKey::from_der(pk_info.subject_public_key)
.map_err(|e| data_error(e.to_string()))?;
let public_key = rsa::pkcs1::RsaPublicKey::from_der(
pk_info.subject_public_key.raw_bytes(),
)
.map_err(|e| data_error(e.to_string()))?;
let bytes_consumed = public_key
.encoded_len()
.map_err(|e| data_error(e.to_string()))?;
if bytes_consumed
!= rsa::pkcs1::der::Length::new(pk_info.subject_public_key.len() as u16)
!= rsa::pkcs1::der::Length::new(
pk_info.subject_public_key.raw_bytes().len() as u16,
)
{
return Err(data_error("public key is invalid (too long)"));
}
let data = pk_info.subject_public_key.to_vec().into();
let data = pk_info.subject_public_key.to_der()?.into();
let public_exponent =
public_key.public_exponent.as_bytes().to_vec().into();
let modulus_length = public_key.modulus.as_bytes().len() * 8;
@ -297,12 +298,10 @@ fn import_key_rsassa(
fn import_key_rsapss(
key_data: KeyData,
) -> Result<ImportKeyResult, deno_core::anyhow::Error> {
use rsa::pkcs1::der::Decode;
match key_data {
KeyData::Spki(data) => {
// 2-3.
let pk_info = spki::SubjectPublicKeyInfo::from_der(&data)
let pk_info = spki::SubjectPublicKeyInfoRef::try_from(&*data)
.map_err(|e| data_error(e.to_string()))?;
// 4-5.
@ -314,21 +313,24 @@ fn import_key_rsapss(
}
// 8-9.
let public_key =
rsa::pkcs1::RsaPublicKey::from_der(pk_info.subject_public_key)
.map_err(|e| data_error(e.to_string()))?;
let public_key = rsa::pkcs1::RsaPublicKey::from_der(
pk_info.subject_public_key.raw_bytes(),
)
.map_err(|e| data_error(e.to_string()))?;
let bytes_consumed = public_key
.encoded_len()
.map_err(|e| data_error(e.to_string()))?;
if bytes_consumed
!= rsa::pkcs1::der::Length::new(pk_info.subject_public_key.len() as u16)
!= rsa::pkcs1::der::Length::new(
pk_info.subject_public_key.raw_bytes().len() as u16,
)
{
return Err(data_error("public key is invalid (too long)"));
}
let data = pk_info.subject_public_key.to_vec().into();
let data = pk_info.subject_public_key.to_der()?.into();
let public_exponent =
public_key.public_exponent.as_bytes().to_vec().into();
let modulus_length = public_key.modulus.as_bytes().len() * 8;
@ -388,12 +390,10 @@ fn import_key_rsapss(
fn import_key_rsaoaep(
key_data: KeyData,
) -> Result<ImportKeyResult, deno_core::anyhow::Error> {
use rsa::pkcs1::der::Decode;
match key_data {
KeyData::Spki(data) => {
// 2-3.
let pk_info = spki::SubjectPublicKeyInfo::from_der(&data)
let pk_info = spki::SubjectPublicKeyInfoRef::try_from(&*data)
.map_err(|e| data_error(e.to_string()))?;
// 4-5.
@ -405,21 +405,24 @@ fn import_key_rsaoaep(
}
// 8-9.
let public_key =
rsa::pkcs1::RsaPublicKey::from_der(pk_info.subject_public_key)
.map_err(|e| data_error(e.to_string()))?;
let public_key = rsa::pkcs1::RsaPublicKey::from_der(
pk_info.subject_public_key.raw_bytes(),
)
.map_err(|e| data_error(e.to_string()))?;
let bytes_consumed = public_key
.encoded_len()
.map_err(|e| data_error(e.to_string()))?;
if bytes_consumed
!= rsa::pkcs1::der::Length::new(pk_info.subject_public_key.len() as u16)
!= rsa::pkcs1::der::Length::new(
pk_info.subject_public_key.raw_bytes().len() as u16,
)
{
return Err(data_error("public key is invalid (too long)"));
}
let data = pk_info.subject_public_key.to_vec().into();
let data = pk_info.subject_public_key.to_der()?.into();
let public_exponent =
public_key.public_exponent.as_bytes().to_vec().into();
let modulus_length = public_key.modulus.as_bytes().len() * 8;
@ -541,14 +544,14 @@ fn import_key_ec_jwk(
let pkcs8_der = match named_curve {
EcNamedCurve::P256 => {
let d = decode_b64url_to_field_bytes::<p256::NistP256>(&d)?;
let pk = p256::SecretKey::from_be_bytes(&d)?;
let pk = p256::SecretKey::from_bytes(&d)?;
pk.to_pkcs8_der()
.map_err(|_| data_error("invalid JWK private key"))?
}
EcNamedCurve::P384 => {
let d = decode_b64url_to_field_bytes::<p384::NistP384>(&d)?;
let pk = p384::SecretKey::from_be_bytes(&d)?;
let pk = p384::SecretKey::from_bytes(&d)?;
pk.to_pkcs8_der()
.map_err(|_| data_error("invalid JWK private key"))?
@ -593,7 +596,7 @@ impl<'a> TryFrom<spki::der::asn1::AnyRef<'a>> for ECParametersSpki {
fn try_from(
any: spki::der::asn1::AnyRef<'a>,
) -> spki::der::Result<ECParametersSpki> {
let x = any.oid()?;
let x = any.try_into()?;
Ok(Self { named_curve_alg: x })
}
@ -642,7 +645,7 @@ fn import_key_ec(
pk.algorithm
.parameters
.ok_or_else(|| data_error("malformed parameters"))?
.oid()
.try_into()
.unwrap()
}
EcNamedCurve::P521 => {
@ -689,7 +692,7 @@ fn import_key_ec(
}
KeyData::Spki(data) => {
// 2-3.
let pk_info = spki::SubjectPublicKeyInfo::from_der(&data)
let pk_info = spki::SubjectPublicKeyInfoRef::try_from(&*data)
.map_err(|e| data_error(e.to_string()))?;
// 4.
@ -726,7 +729,7 @@ fn import_key_ec(
if let Some(pk_named_curve) = pk_named_curve {
let pk = pk_info.subject_public_key;
encoded_key = pk.to_vec();
encoded_key = pk.to_der()?;
let bytes_consumed = match named_curve {
EcNamedCurve::P256 => {
@ -755,7 +758,7 @@ fn import_key_ec(
_ => return Err(not_supported_error("Unsupported named curve")),
};
if bytes_consumed != pk_info.subject_public_key.len() {
if bytes_consumed != pk_info.subject_public_key.raw_bytes().len() {
return Err(data_error("public key is invalid (too long)"));
}

View file

@ -9,6 +9,7 @@ use elliptic_curve::pkcs8::PrivateKeyInfo;
use elliptic_curve::subtle::ConstantTimeEq;
use rand::rngs::OsRng;
use rand::RngCore;
use spki::der::asn1::BitString;
use spki::der::Decode;
use spki::der::Encode;
@ -62,7 +63,7 @@ pub fn op_crypto_import_spki_x25519(
#[buffer] out: &mut [u8],
) -> bool {
// 2-3.
let pk_info = match spki::SubjectPublicKeyInfo::from_der(key_data) {
let pk_info = match spki::SubjectPublicKeyInfoRef::try_from(key_data) {
Ok(pk_info) => pk_info,
Err(_) => return false,
};
@ -75,7 +76,7 @@ pub fn op_crypto_import_spki_x25519(
if pk_info.algorithm.parameters.is_some() {
return false;
}
out.copy_from_slice(pk_info.subject_public_key);
out.copy_from_slice(pk_info.subject_public_key.raw_bytes());
true
}
@ -114,16 +115,16 @@ pub fn op_crypto_export_spki_x25519(
#[buffer] pubkey: &[u8],
) -> Result<ToJsBuffer, AnyError> {
let key_info = spki::SubjectPublicKeyInfo {
algorithm: spki::AlgorithmIdentifier {
algorithm: spki::AlgorithmIdentifierRef {
// id-X25519
oid: X25519_OID,
parameters: None,
},
subject_public_key: pubkey,
subject_public_key: BitString::from_bytes(pubkey)?,
};
Ok(
key_info
.to_vec()
.to_der()
.map_err(|_| {
custom_error("DOMExceptionOperationError", "Failed to export key")
})?

View file

@ -59,7 +59,7 @@ ring.workspace = true
ripemd = "0.1.3"
rsa.workspace = true
scrypt = "0.11.0"
secp256k1 = { version = "0.27.0", features = ["rand-std"] }
secp256k1 = { version = "0.28.0", features = ["rand-std"] }
serde = "1.0.149"
sha-1 = "0.10.0"
sha2.workspace = true
@ -68,6 +68,5 @@ tokio.workspace = true
typenum = "1.15.0"
url.workspace = true
winapi.workspace = true
# https://github.com/dalek-cryptography/x25519-dalek/pull/89
x25519-dalek = "2.0.0-pre.1"
x25519-dalek = "2.0.0"
x509-parser = "0.15.0"