Add DER & PEM support for SigningKeySeed and VerificationKeyBytes (RFC 8410)

[droark]

• Add encoding to and decoding from DER bytes and PEM strings for SigningKeySeed and VerificationKeyBytes.
• Add some functions so that the Java code mirrors, to a certain degree, the JDK 15 interface for Ed25519 keys and signatures.
• Add encoding and decoding for signatures (technically identity functions).
• Miscellaneous cleanup.

[droark]

FYI, the code should work as is. It passes all tests locally. I'm leaving it in draft form for a little while as I clean it up and make sure it's ready for review. That said, feel free to play with the code and make suggestions.

Thanks.

[tarcieri]

I just discovered something interesting about PKCS#8-serialized Ed25519 private keys. Per this CURDLE draft:

https://datatracker.ietf.org/doc/html/draft-ietf-curdle-pkix-07#section-10.3

The private_key field actually contains an encapsulated 34-byte ASN.1 document containing an OCTET STRING with tag/length header:

   12 04   34:   OCTET STRING
             :     04 20 D4 EE 72 DB F9 13 58 4A D5 B6 D8 F1 F7 69
             :     F8 AD 3A FE 7C 28 CB F1 D4 FB E0 97 A8 8F 44 75
             :     58 42
             :   }

   Note that the value of the private key is:

   D4 EE 72 DB F9 13 58 4A D5 B6 D8 F1 F7 69 F8 AD
   3A FE 7C 28 CB F1 D4 FB E0 97 A8 8F 44 75 58 42

See also the second example which uses PKCS#8v2 and includes a public key:

    12  34:   OCTET STRING, encapsulates {
    14  32:     OCTET STRING D4 EE 72 DB F9 13 58 4A D5 B6 D8 F1 F7
                    69 F8 AD 3A FE 7C 28 CB F1 D4 FB E0 97 A8 8F 44
                    75 58 42
          :     }

(that's right, it's an OCTET STRING inside of another OCTET STRING)

This makes it a bit trickier, as decoding you'll need to check the private key begins with the bytes 04 20 and strip them, and then encoding you'll need to add them, creating a 34-byte ASN.1 DER document with those leading bytes to encapsulate into the private_key field.

[droark]

@tarcieri - Thanks for the catch! I see that this is indeed a part of the final RFC 8410 spec. I'll add a fix for that.

[droark]

@tarcieri - Pushed updated code.

[droark]

@dconnolly - Anything I can do to get some 👀 on this one? Thanks!

[tarcieri]

@droark FYI, I plan on cutting another release of the pkcs8 crate (prospectively v0.7.0) in the next few days.

I'm also happy to do another pass on reviewing this soon (we'd actually very much like to use it)

[tarcieri]

pkcs8 v0.7.0 is out: https://docs.rs/pkcs8/0.7.0/

FYI: Minimum Supported Rust Version is 1.51

[droark]

pkcs8 v0.7.0 is out: https://docs.rs/pkcs8/0.7.0/

FYI: Minimum Supported Rust Version is 1.51

Thanks. Pushed a new commit that uses it.

[droark]

@conradoplg - I think I caught everything you requested. All the PEM/PKCS8 stuff is optional and properly firewalled (AFAIK), Signature is left alone, and all tests pass, with and without the features. I'm thinking it might not hurt to add JNI testing to CI. We can cross that bridge another time. As is, the only quirk I don't like is that sbt test will fail by default when testing JNI. This is discussed in the README. I don't think there's a good way to work around this, so JNI users will just have to RTFM when compiling.

[conradoplg]

This looks good, just needs addressing some small comments.

Can you also please cargo fmt the code and fix the 3 cargo clippy warnings?

[droark]

@conradoplg - Pushed the changes. Everything should be ready now.

[conradoplg]

Sorry, one last detail I missed 😬

[droark]

@conradoplg - Fixed.

[conradoplg]

Thank you so much for the contribution and with the patience 😅