Replace custom PKCS #8 parsing with der crate and others (#274)

This makes code leaner but pulls in more dependencies. The benefit to us is that we don't have to maintain (and fix) our own DER encoders and decoders for PKCS#8 keys. --------- Co-authored-by: Eugene <inbox@null.page>
warp-tech · Apr 28, 2024 · 4f749f4 · 4f749f4
1 parent 8d582f6
commit 4f749f4
Show file tree

Hide file tree

Showing 5 changed files with 144 additions and 498 deletions.
diff --git a/russh-keys/Cargo.toml b/russh-keys/Cargo.toml
@@ -33,42 +33,44 @@ rust-version = "1.65"
 aes = "0.8"
 async-trait = "0.1.72"
 bcrypt-pbkdf = "0.10"
-bit-vec = "0.6"
 cbc = "0.1"
 ctr = "0.9"
 block-padding = { version = "0.3", features = ["std"] }
 byteorder = "1.4"
 data-encoding = "2.3"
 digest = "0.10"
+der = "0.7"
 dirs = "5.0"
 ecdsa = "0.16"
-ed25519-dalek = { version= "2.0", features = ["rand_core"] }
+ed25519-dalek = { version= "2.0", features = ["rand_core", "pkcs8"] }
 elliptic-curve = "0.13"
 futures = "0.3"
 hmac = "0.12"
 inout = { version = "0.1", features = ["std"] }
 log = "0.4"
 md5 = "0.7"
-num-bigint = "0.4"
 num-integer = "0.1"
 openssl = { version = "0.10", optional = true }
 p256 = "0.13"
 p384 = "0.13"
 p521 = "0.13"
 pbkdf2 = "0.11"
 pkcs1 = "0.7"
+pkcs5 = "0.7"
+pkcs8 = { version = "0.10", features = ["pkcs5", "encryption"] }
 rand = "0.8"
 rand_core = { version = "0.6.4", features = ["std"] }
 rsa = "0.9"
 russh-cryptovec = { version = "0.7.0", path = "../cryptovec" }
+sec1 = { version = "0.7", features = ["pkcs8"] }
 serde = { version = "1.0", features = ["derive"] }
 sha1 = { version = "0.10", features = ["oid"] }
 sha2 = { version = "0.10", features = ["oid"] }
+spki = "0.7"
 thiserror = "1.0"
 tokio = { version = "1.17.0", features = ["io-util", "rt-multi-thread", "time", "net"] }
 tokio-stream = { version = "0.1", features = ["net"] }
 typenum = "1.17"
-yasna = { version = "0.5.0", features = ["bit-vec", "num-bigint"] }
 
 [features]
 vendored-openssl = ["openssl", "openssl/vendored"]

diff --git a/russh-keys/src/format/mod.rs b/russh-keys/src/format/mod.rs
@@ -88,7 +88,7 @@ pub fn decode_secret_key(secret: &str, password: Option<&str>) -> Result<key::Ke
 }
 
 pub fn encode_pkcs8_pem<W: Write>(key: &key::KeyPair, mut w: W) -> Result<(), Error> {
-    let x = self::pkcs8::encode_pkcs8(key);
+    let x = self::pkcs8::encode_pkcs8(key)?;
     w.write_all(b"-----BEGIN PRIVATE KEY-----\n")?;
     w.write_all(BASE64_MIME.encode(&x).as_bytes())?;
     w.write_all(b"\n-----END PRIVATE KEY-----\n")?;