Bump pkcs1 to v0.7, pkcs8 to v0.10; MSRV 1.65

.github/workflows/ci.yml

@@ -16,7 +16,7 @@ jobs:
     strategy:
       matrix:
         rust:
-          - 1.60.0 # MSRV
+          - 1.65.0 # MSRV
           - stable
         target:
           - thumbv7em-none-eabi
@@ -37,7 +37,7 @@ jobs:
     strategy:
       matrix:
         rust:
-          - 1.60.0 # MSRV
+          - 1.65.0 # MSRV
           - stable
     steps:
       - uses: actions/checkout@v3

Cargo.toml

@@ -10,7 +10,7 @@ repository = "https://github.com/RustCrypto/RSA"
 keywords = ["rsa", "encryption", "security", "crypto"]
 categories = ["cryptography"]
 readme = "README.md"
-rust-version = "1.60"
+rust-version = "1.65"
 
 [dependencies]
 num-bigint = { version = "0.8.2", features = ["i128", "u64_digit", "prime", "zeroize"], default-features = false, package = "num-bigint-dig" }
@@ -21,8 +21,8 @@ rand_core = { version = "0.6.4", default-features = false }
 byteorder = { version = "1.3.1", default-features = false }
 subtle = { version = "2.1.1", default-features = false }
 digest = { version = "0.10.5", default-features = false, features = ["alloc", "oid"] }
-pkcs1 = { version = "0.4", default-features = false, features = ["pkcs8", "alloc"] }
-pkcs8 = { version = "0.9", default-features = false, features = ["alloc"] }
+pkcs1 = { version = "0.7.1", default-features = false, features = ["alloc", "pkcs8"] }
+pkcs8 = { version = "0.10", default-features = false, features = ["alloc"] }
 serde = { version = "1.0.103", optional = true, default-features = false, features = ["derive"] }
 sha2 = { version = "0.10.6", optional = true, default-features = false, features = ["oid"] }
 signature = { version = "2", default-features = false , features = ["digest", "rand_core"] }

README.md

@@ -70,9 +70,9 @@ There will be three phases before `1.0` 🚢 can be released.
 
 ## Minimum Supported Rust Version (MSRV)
 
-All crates in this repository support Rust 1.60 or higher. In future
-minimally supported version of Rust can be changed, but it will be done with
-a minor version bump.
+All crates in this repository support Rust 1.65 or higher.
+
+In the future MSRV can be changed, but it will be done with a minor version bump.
 
 ## License
 
@@ -97,7 +97,7 @@ dual licensed as above, without any additional terms or conditions.
 [doc-link]: https://docs.rs/rsa
 [build-image]: https://github.com/rustcrypto/RSA/workflows/CI/badge.svg
 [build-link]: https://github.com/RustCrypto/RSA/actions?query=workflow%3ACI+branch%3Amaster
-[msrv-image]: https://img.shields.io/badge/rustc-1.60+-blue.svg
+[msrv-image]: https://img.shields.io/badge/rustc-1.65+-blue.svg
 [chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg
 [chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/260047-RSA
 [deps-image]: https://deps.rs/repo/github/RustCrypto/RSA/status.svg

src/encoding.rs

@@ -5,14 +5,11 @@
 
 use crate::{key::PublicKeyParts, BigUint, RsaPrivateKey, RsaPublicKey};
 use core::convert::{TryFrom, TryInto};
-use pkcs1::der::Encode;
-use pkcs8::{
-    DecodePrivateKey, DecodePublicKey, Document, EncodePrivateKey, EncodePublicKey, SecretDocument,
-};
+use pkcs8::{der::Encode, Document, EncodePrivateKey, EncodePublicKey, SecretDocument};
 use zeroize::Zeroizing;
 
 /// Verify that the `AlgorithmIdentifier` for a key is correct.
-fn verify_algorithm_id(algorithm: &pkcs8::AlgorithmIdentifier) -> pkcs8::spki::Result<()> {
+fn verify_algorithm_id(algorithm: &pkcs8::AlgorithmIdentifierRef) -> pkcs8::spki::Result<()> {
     algorithm.assert_algorithm_oid(pkcs1::ALGORITHM_OID)?;
 
     if algorithm.parameters_any()? != pkcs8::der::asn1::Null.into() {
@@ -45,23 +42,23 @@ impl TryFrom<pkcs8::PrivateKeyInfo<'_>> for RsaPrivateKey {
     }
 }
 
-impl DecodePrivateKey for RsaPrivateKey {}
-
-impl TryFrom<pkcs8::SubjectPublicKeyInfo<'_>> for RsaPublicKey {
+impl TryFrom<pkcs8::SubjectPublicKeyInfoRef<'_>> for RsaPublicKey {
     type Error = pkcs8::spki::Error;
 
-    fn try_from(spki: pkcs8::SubjectPublicKeyInfo<'_>) -> pkcs8::spki::Result<Self> {
+    fn try_from(spki: pkcs8::SubjectPublicKeyInfoRef<'_>) -> pkcs8::spki::Result<Self> {
         verify_algorithm_id(&spki.algorithm)?;
 
-        let pkcs1_key = pkcs1::RsaPublicKey::try_from(spki.subject_public_key)?;
+        let pkcs1_key = pkcs1::RsaPublicKey::try_from(
+            spki.subject_public_key
+                .as_bytes()
+                .ok_or(pkcs8::spki::Error::KeyMalformed)?,
+        )?;
         let n = BigUint::from_bytes_be(pkcs1_key.modulus.as_bytes());
         let e = BigUint::from_bytes_be(pkcs1_key.public_exponent.as_bytes());
         RsaPublicKey::new(n, e).map_err(|_| pkcs8::spki::Error::KeyMalformed)
     }
 }
 
-impl DecodePublicKey for RsaPublicKey {}
-
 impl EncodePrivateKey for RsaPrivateKey {
     fn to_pkcs8_der(&self) -> pkcs8::Result<SecretDocument> {
         // Check if the key is multi prime
@@ -83,17 +80,17 @@ impl EncodePrivateKey for RsaPrivateKey {
         );
 
         let private_key = pkcs1::RsaPrivateKey {
-            modulus: pkcs1::UIntRef::new(&modulus)?,
-            public_exponent: pkcs1::UIntRef::new(&public_exponent)?,
-            private_exponent: pkcs1::UIntRef::new(&private_exponent)?,
-            prime1: pkcs1::UIntRef::new(&prime1)?,
-            prime2: pkcs1::UIntRef::new(&prime2)?,
-            exponent1: pkcs1::UIntRef::new(&exponent1)?,
-            exponent2: pkcs1::UIntRef::new(&exponent2)?,
-            coefficient: pkcs1::UIntRef::new(&coefficient)?,
+            modulus: pkcs1::UintRef::new(&modulus)?,
+            public_exponent: pkcs1::UintRef::new(&public_exponent)?,
+            private_exponent: pkcs1::UintRef::new(&private_exponent)?,
+            prime1: pkcs1::UintRef::new(&prime1)?,
+            prime2: pkcs1::UintRef::new(&prime2)?,
+            exponent1: pkcs1::UintRef::new(&exponent1)?,
+            exponent2: pkcs1::UintRef::new(&exponent2)?,
+            coefficient: pkcs1::UintRef::new(&coefficient)?,
             other_prime_infos: None,
         }
-        .to_vec()?;
+        .to_der()?;
 
         pkcs8::PrivateKeyInfo::new(pkcs1::ALGORITHM_ID, private_key.as_ref()).try_into()
     }
@@ -105,14 +102,17 @@ impl EncodePublicKey for RsaPublicKey {
         let public_exponent = self.e().to_bytes_be();
 
         let subject_public_key = pkcs1::RsaPublicKey {
-            modulus: pkcs1::UIntRef::new(&modulus)?,
-            public_exponent: pkcs1::UIntRef::new(&public_exponent)?,
+            modulus: pkcs1::UintRef::new(&modulus)?,
+            public_exponent: pkcs1::UintRef::new(&public_exponent)?,
         }
-        .to_vec()?;
+        .to_der()?;
 
-        pkcs8::SubjectPublicKeyInfo {
+        pkcs8::SubjectPublicKeyInfoRef {
             algorithm: pkcs1::ALGORITHM_ID,
-            subject_public_key: subject_public_key.as_ref(),
+            subject_public_key: pkcs8::der::asn1::BitStringRef::new(
+                0,
+                subject_public_key.as_ref(),
+            )?,
         }
         .try_into()
     }