Replace custom PKCS Eugeny#8 parsing with der crate and others

robertabcd · Apr 28, 2024 · 2d1dfdc · 2d1dfdc
1 parent 8d582f6
commit 2d1dfdc
Show file tree

Hide file tree

Showing 4 changed files with 148 additions and 498 deletions.
diff --git a/russh-keys/Cargo.toml b/russh-keys/Cargo.toml
@@ -40,9 +40,10 @@ block-padding = { version = "0.3", features = ["std"] }
 byteorder = "1.4"
 data-encoding = "2.3"
 digest = "0.10"
+der = "0.7"
 dirs = "5.0"
 ecdsa = "0.16"
-ed25519-dalek = { version= "2.0", features = ["rand_core"] }
+ed25519-dalek = { version= "2.0", features = ["rand_core", "pkcs8"] }
 elliptic-curve = "0.13"
 futures = "0.3"
 hmac = "0.12"
@@ -57,18 +58,21 @@ p384 = "0.13"
 p521 = "0.13"
 pbkdf2 = "0.11"
 pkcs1 = "0.7"
+pkcs5 = "0.7"
+pkcs8 = { version = "0.10", features = ["pkcs5", "encryption"] }
 rand = "0.8"
 rand_core = { version = "0.6.4", features = ["std"] }
 rsa = "0.9"
 russh-cryptovec = { version = "0.7.0", path = "../cryptovec" }
+sec1 = { version = "0.7", features = ["pkcs8"] }
 serde = { version = "1.0", features = ["derive"] }
 sha1 = { version = "0.10", features = ["oid"] }
 sha2 = { version = "0.10", features = ["oid"] }
+spki = "0.7"
 thiserror = "1.0"
 tokio = { version = "1.17.0", features = ["io-util", "rt-multi-thread", "time", "net"] }
 tokio-stream = { version = "0.1", features = ["net"] }
 typenum = "1.17"
-yasna = { version = "0.5.0", features = ["bit-vec", "num-bigint"] }
 
 [features]
 vendored-openssl = ["openssl", "openssl/vendored"]

diff --git a/russh-keys/src/format/mod.rs b/russh-keys/src/format/mod.rs
@@ -80,15 +80,16 @@ pub fn decode_secret_key(secret: &str, password: Option<&str>) -> Result<key::Ke
         Some(Format::Openssh) => decode_openssh(&secret, password),
         Some(Format::Rsa) => decode_rsa(&secret),
         Some(Format::Pkcs5Encrypted(enc)) => decode_pkcs5(&secret, password, enc),
-        Some(Format::Pkcs8Encrypted) | Some(Format::Pkcs8) => {
-            self::pkcs8::decode_pkcs8(&secret, password.map(|x| x.as_bytes()))
-        }
+        Some(Format::Pkcs8Encrypted) | Some(Format::Pkcs8) => Ok(self::pkcs8::decode_pkcs8(
+            &secret,
+            password.map(|x| x.as_bytes()),
+        )?),
         None => Err(Error::CouldNotReadKey),
     }
 }
 
 pub fn encode_pkcs8_pem<W: Write>(key: &key::KeyPair, mut w: W) -> Result<(), Error> {
-    let x = self::pkcs8::encode_pkcs8(key);
+    let x = self::pkcs8::encode_pkcs8(key)?;
     w.write_all(b"-----BEGIN PRIVATE KEY-----\n")?;
     w.write_all(BASE64_MIME.encode(&x).as_bytes())?;
     w.write_all(b"\n-----END PRIVATE KEY-----\n")?;