Bump pkcs1 to v0.7, pkcs8 to v0.10; MSRV 1.65 (#270)

.github/workflows/ci.yml

@@ -16,7 +16,7 @@ jobs:
     strategy:
       matrix:
         rust:
-          - 1.60.0 # MSRV
+          - 1.65.0 # MSRV
           - stable
         target:
           - thumbv7em-none-eabi
@@ -37,7 +37,7 @@ jobs:
     strategy:
       matrix:
         rust:
-          - 1.60.0 # MSRV
+          - 1.65.0 # MSRV
           - stable
     steps:
       - uses: actions/checkout@v3

Cargo.lock

@@ -101,9 +101,9 @@ dependencies = [
 
 [[package]]
 name = "der"
-version = "0.6.1"
+version = "0.7.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f1a467a65c5e759bce6e65eaf91cc29f466cdc57cb65777bd646872a8a1fd4de"
+checksum = "bc302fd9b18d66834a6f092d10ea85489c0ca8ad6b7304092135fab171d853cd"
 dependencies = [
  "const-oid",
  "pem-rfc7468",
@@ -249,27 +249,28 @@ dependencies = [
 
 [[package]]
 name = "pbkdf2"
-version = "0.11.0"
+version = "0.12.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "83a0692ec44e4cf1ef28ca317f14f8f07da2d95ec3fa01f86e4467b725e60917"
+checksum = "f0ca0b5a68607598bf3bad68f32227a8164f6254833f84eafaac409cd6746c31"
 dependencies = [
  "digest",
+ "hmac",
 ]
 
 [[package]]
 name = "pem-rfc7468"
-version = "0.6.0"
+version = "0.7.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "24d159833a9105500e0398934e205e0773f0b27529557134ecfc51c27646adac"
+checksum = "88b39c9bfcfc231068454382784bb460aae594343fb030d46e9f50a645418412"
 dependencies = [
  "base64ct",
 ]
 
 [[package]]
 name = "pkcs1"
-version = "0.4.1"
+version = "0.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "eff33bdbdfc54cc98a2eca766ebdec3e1b8fb7387523d5c9c9a2891da856f719"
+checksum = "178ba28ece1961eafdff1991bd1744c29564cbab5d803f3ccb4a4895a6c550a7"
 dependencies = [
  "der",
  "pkcs8",
@@ -279,14 +280,13 @@ dependencies = [
 
 [[package]]
 name = "pkcs5"
-version = "0.5.0"
+version = "0.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d10d862c1f5c302df3c3dbfd837afbae0ad09551a6fa37b10311cb5890a80175"
+checksum = "e847e2c91a18bfa887dd028ec33f2fe6f25db77db3619024764914affe8b69a6"
 dependencies = [
  "aes",
  "cbc",
  "der",
- "hmac",
  "pbkdf2",
  "scrypt",
  "sha2",
@@ -295,9 +295,9 @@ dependencies = [
 
 [[package]]
 name = "pkcs8"
-version = "0.9.0"
+version = "0.10.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9eca2c590a5f85da82668fa685c09ce2888b9430e83299debf1f34b65fd4a4ba"
+checksum = "3d2820d87d2b008616e5c27212dd9e0e694fb4c6b522de06094106813328cb49"
 dependencies = [
  "der",
  "pkcs5",
@@ -407,11 +407,10 @@ dependencies = [
 
 [[package]]
 name = "scrypt"
-version = "0.10.0"
+version = "0.11.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9f9e24d2b632954ded8ab2ef9fea0a0c769ea56ea98bddbafbad22caeeadf45d"
+checksum = "0516a385866c09368f0b5bcd1caff3366aace790fcd46e2bb032697bb172fd1f"
 dependencies = [
- "hmac",
  "pbkdf2",
  "salsa20",
  "sha2",
@@ -502,9 +501,9 @@ checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d"
 
 [[package]]
 name = "spki"
-version = "0.6.0"
+version = "0.7.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "67cf02bbac7a337dc36e4f5a693db6c21e7863f45070f7064577eb4367a3212b"
+checksum = "c0445c905640145c7ea8c1993555957f65e7c46d0535b91ba501bc9bfc85522f"
 dependencies = [
  "base64ct",
  "der",

Cargo.toml

@@ -10,7 +10,7 @@ repository = "https://github.com/RustCrypto/RSA"
 keywords = ["rsa", "encryption", "security", "crypto"]
 categories = ["cryptography"]
 readme = "README.md"
-rust-version = "1.60"
+rust-version = "1.65"
 
 [dependencies]
 num-bigint = { version = "0.8.2", features = ["i128", "u64_digit", "prime", "zeroize"], default-features = false, package = "num-bigint-dig" }
@@ -21,8 +21,8 @@ rand_core = { version = "0.6.4", default-features = false }
 byteorder = { version = "1.3.1", default-features = false }
 subtle = { version = "2.1.1", default-features = false }
 digest = { version = "0.10.5", default-features = false, features = ["alloc", "oid"] }
-pkcs1 = { version = "0.4", default-features = false, features = ["pkcs8", "alloc"] }
-pkcs8 = { version = "0.9", default-features = false, features = ["alloc"] }
+pkcs1 = { version = "0.7.1", default-features = false, features = ["alloc", "pkcs8"] }
+pkcs8 = { version = "0.10", default-features = false, features = ["alloc"] }
 serde = { version = "1.0.103", optional = true, default-features = false, features = ["derive"] }
 sha2 = { version = "0.10.6", optional = true, default-features = false, features = ["oid"] }
 signature = { version = "2", default-features = false , features = ["digest", "rand_core"] }

README.md

@@ -70,9 +70,9 @@ There will be three phases before `1.0` 🚢 can be released.
 
 ## Minimum Supported Rust Version (MSRV)
 
-All crates in this repository support Rust 1.60 or higher. In future
-minimally supported version of Rust can be changed, but it will be done with
-a minor version bump.
+All crates in this repository support Rust 1.65 or higher.
+
+In the future MSRV can be changed, but it will be done with a minor version bump.
 
 ## License
 
@@ -97,7 +97,7 @@ dual licensed as above, without any additional terms or conditions.
 [doc-link]: https://docs.rs/rsa
 [build-image]: https://github.com/rustcrypto/RSA/workflows/CI/badge.svg
 [build-link]: https://github.com/RustCrypto/RSA/actions?query=workflow%3ACI+branch%3Amaster
-[msrv-image]: https://img.shields.io/badge/rustc-1.60+-blue.svg
+[msrv-image]: https://img.shields.io/badge/rustc-1.65+-blue.svg
 [chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg
 [chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/260047-RSA
 [deps-image]: https://deps.rs/repo/github/RustCrypto/RSA/status.svg

src/encoding.rs

@@ -5,14 +5,11 @@
 
 use crate::{key::PublicKeyParts, BigUint, RsaPrivateKey, RsaPublicKey};
 use core::convert::{TryFrom, TryInto};
-use pkcs1::der::Encode;
-use pkcs8::{
-    DecodePrivateKey, DecodePublicKey, Document, EncodePrivateKey, EncodePublicKey, SecretDocument,
-};
+use pkcs8::{der::Encode, Document, EncodePrivateKey, EncodePublicKey, SecretDocument};
 use zeroize::Zeroizing;
 
 /// Verify that the `AlgorithmIdentifier` for a key is correct.
-fn verify_algorithm_id(algorithm: &pkcs8::AlgorithmIdentifier) -> pkcs8::spki::Result<()> {
+fn verify_algorithm_id(algorithm: &pkcs8::AlgorithmIdentifierRef) -> pkcs8::spki::Result<()> {
     algorithm.assert_algorithm_oid(pkcs1::ALGORITHM_OID)?;
 
     if algorithm.parameters_any()? != pkcs8::der::asn1::Null.into() {
@@ -45,23 +42,23 @@ impl TryFrom<pkcs8::PrivateKeyInfo<'_>> for RsaPrivateKey {
     }
 }
 
-impl DecodePrivateKey for RsaPrivateKey {}
-
-impl TryFrom<pkcs8::SubjectPublicKeyInfo<'_>> for RsaPublicKey {
+impl TryFrom<pkcs8::SubjectPublicKeyInfoRef<'_>> for RsaPublicKey {
     type Error = pkcs8::spki::Error;
 
-    fn try_from(spki: pkcs8::SubjectPublicKeyInfo<'_>) -> pkcs8::spki::Result<Self> {
+    fn try_from(spki: pkcs8::SubjectPublicKeyInfoRef<'_>) -> pkcs8::spki::Result<Self> {
         verify_algorithm_id(&spki.algorithm)?;
 
-        let pkcs1_key = pkcs1::RsaPublicKey::try_from(spki.subject_public_key)?;
+        let pkcs1_key = pkcs1::RsaPublicKey::try_from(
+            spki.subject_public_key
+                .as_bytes()
+                .ok_or(pkcs8::spki::Error::KeyMalformed)?,
+        )?;
         let n = BigUint::from_bytes_be(pkcs1_key.modulus.as_bytes());
         let e = BigUint::from_bytes_be(pkcs1_key.public_exponent.as_bytes());
         RsaPublicKey::new(n, e).map_err(|_| pkcs8::spki::Error::KeyMalformed)
     }
 }
 
-impl DecodePublicKey for RsaPublicKey {}
-
 impl EncodePrivateKey for RsaPrivateKey {
     fn to_pkcs8_der(&self) -> pkcs8::Result<SecretDocument> {
         // Check if the key is multi prime
@@ -83,17 +80,17 @@ impl EncodePrivateKey for RsaPrivateKey {
         );
 
         let private_key = pkcs1::RsaPrivateKey {
-            modulus: pkcs1::UIntRef::new(&modulus)?,
-            public_exponent: pkcs1::UIntRef::new(&public_exponent)?,
-            private_exponent: pkcs1::UIntRef::new(&private_exponent)?,
-            prime1: pkcs1::UIntRef::new(&prime1)?,
-            prime2: pkcs1::UIntRef::new(&prime2)?,
-            exponent1: pkcs1::UIntRef::new(&exponent1)?,
-            exponent2: pkcs1::UIntRef::new(&exponent2)?,
-            coefficient: pkcs1::UIntRef::new(&coefficient)?,
+            modulus: pkcs1::UintRef::new(&modulus)?,
+            public_exponent: pkcs1::UintRef::new(&public_exponent)?,
+            private_exponent: pkcs1::UintRef::new(&private_exponent)?,
+            prime1: pkcs1::UintRef::new(&prime1)?,
+            prime2: pkcs1::UintRef::new(&prime2)?,
+            exponent1: pkcs1::UintRef::new(&exponent1)?,
+            exponent2: pkcs1::UintRef::new(&exponent2)?,
+            coefficient: pkcs1::UintRef::new(&coefficient)?,
             other_prime_infos: None,
         }
-        .to_vec()?;
+        .to_der()?;
 
         pkcs8::PrivateKeyInfo::new(pkcs1::ALGORITHM_ID, private_key.as_ref()).try_into()
     }
@@ -105,14 +102,17 @@ impl EncodePublicKey for RsaPublicKey {
         let public_exponent = self.e().to_bytes_be();
 
         let subject_public_key = pkcs1::RsaPublicKey {
-            modulus: pkcs1::UIntRef::new(&modulus)?,
-            public_exponent: pkcs1::UIntRef::new(&public_exponent)?,
+            modulus: pkcs1::UintRef::new(&modulus)?,
+            public_exponent: pkcs1::UintRef::new(&public_exponent)?,
         }
-        .to_vec()?;
+        .to_der()?;
 
-        pkcs8::SubjectPublicKeyInfo {
+        pkcs8::SubjectPublicKeyInfoRef {
             algorithm: pkcs1::ALGORITHM_ID,
-            subject_public_key: subject_public_key.as_ref(),
+            subject_public_key: pkcs8::der::asn1::BitStringRef::new(
+                0,
+                subject_public_key.as_ref(),
+            )?,
         }
         .try_into()
     }