diff --git a/Cargo.lock b/Cargo.lock index 5dc0bf98e3..54fd8f913b 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -745,18 +745,6 @@ dependencies = [ "cfg-if", ] -[[package]] -name = "crypto-bigint" -version = "0.4.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ef2b4b23cddf68b89b8f8069890e8c270d54e2d5fe1b143820234805e4cb17ef" -dependencies = [ - "generic-array", - "rand_core", - "subtle", - "zeroize", -] - [[package]] name = "crypto-bigint" version = "0.5.3" @@ -1177,11 +1165,11 @@ dependencies = [ "curve25519-dalek", "deno_core", "deno_web", - "elliptic-curve 0.12.3", + "elliptic-curve", "num-traits", "once_cell", - "p256 0.11.1", - "p384 0.11.2", + "p256", + "p384", "rand", "ring", "rsa", @@ -1191,7 +1179,7 @@ dependencies = [ "sha1", "sha2", "signature 1.6.4", - "spki 0.6.0", + "spki", "tokio", "uuid", "x25519-dalek", @@ -1489,7 +1477,7 @@ dependencies = [ "digest", "dsa", "ecb", - "elliptic-curve 0.13.5", + "elliptic-curve", "errno 0.2.8", "h2", "hex", @@ -1508,8 +1496,8 @@ dependencies = [ "num-traits", "once_cell", "p224", - "p256 0.13.2", - "p384 0.13.0", + "p256", + "p384", "path-clean", "pbkdf2", "rand", @@ -1829,8 +1817,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f1a467a65c5e759bce6e65eaf91cc29f466cdc57cb65777bd646872a8a1fd4de" dependencies = [ "const-oid", - "pem-rfc7468 0.6.0", - "zeroize", ] [[package]] @@ -1840,7 +1826,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fffa369a668c8af7dbf8b5e56c9f744fbd399949ed171606040001947de40b1c" dependencies = [ "const-oid", - "pem-rfc7468 0.7.0", + "pem-rfc7468", "zeroize", ] @@ -2066,8 +2052,8 @@ dependencies = [ "digest", "num-bigint-dig", "num-traits", - "pkcs8 0.10.2", - "rfc6979 0.4.0", + "pkcs8", + "rfc6979", "sha2", "signature 2.1.0", "zeroize", 
@@ -2114,18 +2100,6 @@ dependencies = [ "cipher", ] -[[package]] -name = "ecdsa" -version = "0.14.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "413301934810f597c1d19ca71c8710e99a3f1ba28a0d2ebc01551a2daeea3c5c" -dependencies = [ - "der 0.6.1", - "elliptic-curve 0.12.3", - "rfc6979 0.3.1", - "signature 1.6.4", -] - [[package]] name = "ecdsa" version = "0.16.8" @@ -2134,10 +2108,10 @@ checksum = "a4b1e0c257a9e9f25f90ff76d7a68360ed497ee519c8e428d1825ef0000799d4" dependencies = [ "der 0.7.8", "digest", - "elliptic-curve 0.13.5", - "rfc6979 0.4.0", + "elliptic-curve", + "rfc6979", "signature 2.1.0", - "spki 0.7.2", + "spki", ] [[package]] @@ -2146,28 +2120,6 @@ version = "1.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a26ae43d7bcc3b814de94796a5e736d4029efb0ee900c12e2d54c993ad1a1e07" -[[package]] -name = "elliptic-curve" -version = "0.12.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e7bb888ab5300a19b8e5bceef25ac745ad065f3c9f7efc6de1b91958110891d3" -dependencies = [ - "base16ct 0.1.1", - "crypto-bigint 0.4.9", - "der 0.6.1", - "digest", - "ff 0.12.1", - "generic-array", - "group 0.12.1", - "hkdf", - "pem-rfc7468 0.6.0", - "pkcs8 0.9.0", - "rand_core", - "sec1 0.3.0", - "subtle", - "zeroize", -] - [[package]] name = "elliptic-curve" version = "0.13.5" @@ -2175,14 +2127,14 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "968405c8fdc9b3bf4df0a6638858cc0b52462836ab6b1c87377785dd09cf1c0b" dependencies = [ "base16ct 0.2.0", - "crypto-bigint 0.5.3", + "crypto-bigint", "digest", - "ff 0.13.0", + "ff", "generic-array", - "group 0.13.0", + "group", "hkdf", - "pem-rfc7468 0.7.0", - "pkcs8 0.10.2", + "pem-rfc7468", + "pkcs8", "rand_core", "sec1 0.7.3", "subtle", 
@@ -2379,16 +2331,6 @@ dependencies = [ "windows-sys", ] -[[package]] -name = "ff" -version = "0.12.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d013fc25338cc558c5c2cfbad646908fb23591e2404481826742b651c9af7160" -dependencies = [ - "rand_core", - "subtle", -] - [[package]] name = "ff" version = "0.13.0" @@ -2665,24 +2607,13 @@ version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b" -[[package]] -name = "group" -version = "0.12.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5dfbfb3a6cfbd390d5c9564ab283a0349b9b9fcd46a706c1eb10e0db70bfbac7" -dependencies = [ - "ff 0.12.1", - "rand_core", - "subtle", -] - [[package]] name = "group" version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63" dependencies = [ - "ff 0.13.0", + "ff", "rand_core", "subtle", ] 
@@ -3718,54 +3649,32 @@ version = "0.13.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "30c06436d66652bc2f01ade021592c80a2aad401570a18aa18b82e440d2b9aa1" dependencies = [ - "ecdsa 0.16.8", - "elliptic-curve 0.13.5", + "ecdsa", + "elliptic-curve", "primeorder", "sha2", ] -[[package]] -name = "p256" -version = "0.11.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "51f44edd08f51e2ade572f141051021c5af22677e42b7dd28a88155151c33594" -dependencies = [ - "ecdsa 0.14.8", - "elliptic-curve 0.12.3", - "sha2", -] - [[package]] name = "p256" version = "0.13.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c9863ad85fa8f4460f9c48cb909d38a0d689dba1f6f6988a5e3e0d31071bcd4b" dependencies = [ - "ecdsa 0.16.8", - "elliptic-curve 0.13.5", + "ecdsa", + "elliptic-curve", "primeorder", "sha2", ] -[[package]] -name = "p384" -version = "0.11.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dfc8c5bf642dde52bb9e87c0ecd8ca5a76faac2eeed98dedb7c717997e1080aa" -dependencies = [ - "ecdsa 0.14.8", - "elliptic-curve 0.12.3", - "sha2", -] - [[package]] name = "p384" version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "70786f51bcc69f6a4c0360e063a4cac5419ef7c5cd5b3c99ad70f3be5ba79209" dependencies = [ - "ecdsa 0.16.8", - "elliptic-curve 0.13.5", + "ecdsa", + "elliptic-curve", "primeorder", "sha2", ] @@ -3860,15 +3769,6 @@ dependencies = [ "hmac", ] -[[package]] -name = "pem-rfc7468" -version = "0.6.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "24d159833a9105500e0398934e205e0773f0b27529557134ecfc51c27646adac" -dependencies = [ - "base64ct", -] - [[package]] name = "pem-rfc7468" version = "0.7.0" 
@@ -3977,18 +3877,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c8ffb9f10fa047879315e6625af03c164b16962a5368d724ed16323b68ace47f" dependencies = [ "der 0.7.8", - "pkcs8 0.10.2", - "spki 0.7.2", -] - -[[package]] -name = "pkcs8" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9eca2c590a5f85da82668fa685c09ce2888b9430e83299debf1f34b65fd4a4ba" -dependencies = [ - "der 0.6.1", - "spki 0.6.0", + "pkcs8", + "spki", ] [[package]] @@ -3998,7 +3888,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7" dependencies = [ "der 0.7.8", - "spki 0.7.2", + "spki", ] [[package]] @@ -4088,7 +3978,7 @@ version = "0.13.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3c2fcef82c0ec6eefcc179b978446c399b3cdf73c392c35604e399eee6df1ee3" dependencies = [ - "elliptic-curve 0.13.5", + "elliptic-curve", ] [[package]] @@ -4414,17 +4304,6 @@ dependencies = [ "quick-error", ] -[[package]] -name = "rfc6979" -version = "0.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7743f17af12fa0b03b803ba12cd6a8d9483a587e89c69445e3909655c0b9fabb" -dependencies = [ - "crypto-bigint 0.4.9", - "hmac", - "zeroize", -] - [[package]] name = "rfc6979" version = "0.4.0" @@ -4470,10 +4349,10 @@ dependencies = [ "num-integer", "num-traits", "pkcs1", - "pkcs8 0.10.2", + "pkcs8", "rand_core", "signature 2.1.0", - "spki 0.7.2", + "spki", "subtle", "zeroize", ] @@ -4749,9 +4628,6 @@ dependencies = [ "base16ct 0.1.1", "der 0.6.1", "generic-array", - "pkcs8 0.9.0", - "subtle", - "zeroize", ] [[package]] 
@@ -4763,16 +4639,16 @@ dependencies = [ "base16ct 0.2.0", "der 0.7.8", "generic-array", - "pkcs8 0.10.2", + "pkcs8", "subtle", "zeroize", ] [[package]] name = "secp256k1" -version = "0.27.0" +version = "0.28.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25996b82292a7a57ed3508f052cfff8640d38d32018784acd714758b43da9c8f" +checksum = "2acea373acb8c21ecb5a23741452acd2593ed44ee3d343e72baaa143bc89d0d5" dependencies = [ "rand", "secp256k1-sys", @@ -4780,9 +4656,9 @@ dependencies = [ [[package]] name = "secp256k1-sys" -version = "0.8.1" +version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "70a129b9e9efbfb223753b9163c4ab3b13cff7fd9c7f010fbac25ab4099fa07e" +checksum = "09e67c467c38fd24bd5499dc9a18183b31575c12ee549197e3e20d57aa4fe3b7" dependencies = [ "cc", ] @@ -4980,10 +4856,6 @@ name = "signature" version = "1.6.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "74233d3b3b2f6d4b006dc19dee745e73e2a6bfb6f93607cd3b02bd5b00797d7c" -dependencies = [ - "digest", - "rand_core", -] [[package]] name = "signature" @@ -5106,16 +4978,6 @@ version = "0.9.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" -[[package]] -name = "spki" -version = "0.6.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "67cf02bbac7a337dc36e4f5a693db6c21e7863f45070f7064577eb4367a3212b" -dependencies = [ - "base64ct", - "der 0.6.1", -] - [[package]] name = "spki" version = "0.7.2" diff --git a/Cargo.toml b/Cargo.toml index 8fb29422c7..663fdb5e7a 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -137,7 +137,7 @@ serde = { version = "1.0.149", features = ["derive"] } serde_bytes = "0.11" serde_json = "1.0.85" serde_repr = "=0.1.16" -sha2 = { version = "0.10.6", features = ["oid"] } +sha2 = { version = "0.10.8", features = ["oid"] } signature = "=1.6.4" slab = "0.4" smallvec = "1.8" 
diff --git a/ext/crypto/Cargo.toml b/ext/crypto/Cargo.toml index d02bf58a3b..5921beee67 100644 --- a/ext/crypto/Cargo.toml +++ b/ext/crypto/Cargo.toml @@ -25,22 +25,21 @@ ctr = "0.9.1" curve25519-dalek = "4.1.1" deno_core.workspace = true deno_web.workspace = true -elliptic-curve = { version = "0.12.1", features = ["std", "pem"] } +elliptic-curve = { version = "0.13.1", features = ["std", "pem"] } num-traits = "0.2.14" once_cell.workspace = true -p256 = { version = "0.11.1", features = ["ecdh"] } -p384 = "0.11.1" +p256 = { version = "0.13.2", features = ["ecdh"] } +p384 = "0.13.0" rand.workspace = true ring = { workspace = true, features = ["std"] } rsa.workspace = true sec1 = "0.3.0" serde.workspace = true serde_bytes.workspace = true -sha1 = { version = "0.10.5", features = ["oid"] } +sha1 = { version = "0.10.6", features = ["oid"] } sha2.workspace = true signature.workspace = true -spki = "0.6.0" +spki = "0.7.2" tokio.workspace = true uuid.workspace = true -# https://github.com/dalek-cryptography/x25519-dalek/pull/89 -x25519-dalek = "2.0.0-pre.1" +x25519-dalek = "2.0.0" diff --git a/ext/crypto/ed25519.rs b/ext/crypto/ed25519.rs index 874eb74b07..10477219ad 100644 --- a/ext/crypto/ed25519.rs +++ b/ext/crypto/ed25519.rs @@ -11,6 +11,7 @@ use rand::rngs::OsRng; use rand::RngCore; use ring::signature::Ed25519KeyPair; use ring::signature::KeyPair; +use spki::der::asn1::BitString; use spki::der::Decode; use spki::der::Encode; @@ -65,7 +66,7 @@ pub fn op_crypto_import_spki_ed25519( #[buffer] out: &mut [u8], ) -> bool { // 2-3. - let pk_info = match spki::SubjectPublicKeyInfo::from_der(key_data) { + let pk_info = match spki::SubjectPublicKeyInfoRef::try_from(key_data) { Ok(pk_info) => pk_info, Err(_) => return false, }; @@ -78,7 +79,7 @@ pub fn op_crypto_import_spki_ed25519( if pk_info.algorithm.parameters.is_some() { return false; } - out.copy_from_slice(pk_info.subject_public_key); + out.copy_from_slice(pk_info.subject_public_key.raw_bytes()); true } 
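Review bot: `out.copy_from_slice(pk_info.subject_public_key.raw_bytes())` in op_crypto_import_spki_ed25519 panics whenever the decoded key is not exactly `out.len()` bytes, and no length check is visible between the parameters test and the copy. `raw_bytes()` also returns the contents of a BIT STRING that declares unused bits, so a key that is not octet-aligned would pass. Since `key_data` is caller-supplied DER, I would reject both cases instead: `match pk_info.subject_public_key.as_bytes() { Some(b) if b.len() == out.len() => out.copy_from_slice(b), _ => return false }`. The same line appears in the op_crypto_import_spki_x25519 hunk (x25519.rs, @@ -75). The function body starts outside this hunk, so an earlier guard cannot be ruled out.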
@@ -117,16 +118,16 @@ pub fn op_crypto_export_spki_ed25519( #[buffer] pubkey: &[u8], ) -> Result { let key_info = spki::SubjectPublicKeyInfo { - algorithm: spki::AlgorithmIdentifier { + algorithm: spki::AlgorithmIdentifierOwned { // id-Ed25519 oid: ED25519_OID, parameters: None, }, - subject_public_key: pubkey, + subject_public_key: BitString::from_bytes(pubkey)?, }; Ok( key_info - .to_vec() + .to_der() .map_err(|_| { custom_error("DOMExceptionOperationError", "Failed to export key") })? diff --git a/ext/crypto/export_key.rs b/ext/crypto/export_key.rs index 4ba30fbaa7..7f1c2d0071 100644 --- a/ext/crypto/export_key.rs +++ b/ext/crypto/export_key.rs @@ -16,7 +16,9 @@ use rsa::pkcs8::der::Encode; use serde::Deserialize; use serde::Serialize; use spki::der::asn1; +use spki::der::asn1::BitString; use spki::AlgorithmIdentifier; +use spki::AlgorithmIdentifierOwned; use crate::shared::*; @@ -126,7 +128,6 @@ fn export_key_rsa( ) -> Result { match format { ExportKeyFormat::Spki => { - use spki::der::Encode; let subject_public_key = &key_data.as_rsa_public_key()?; // the SPKI structure @@ -138,11 +139,11 @@ fn export_key_rsa( // It MUST have ASN.1 type NULL. parameters: Some(asn1::AnyRef::from(asn1::Null)), }, - subject_public_key, + subject_public_key: BitString::from_bytes(&subject_public_key).unwrap(), }; // Infallible because we know the public key is valid. - let spki_der = key_info.to_vec().unwrap(); + let spki_der = key_info.to_der().unwrap(); Ok(ExportKeyResult::Spki(spki_der.into())) } ExportKeyFormat::Pkcs8 => { @@ -259,8 +260,6 @@ fn export_key_ec( Ok(ExportKeyResult::Raw(subject_public_key.into())) } ExportKeyFormat::Spki => { - use spki::der::Encode; - let subject_public_key = match named_curve { EcNamedCurve::P256 => { let point = key_data.as_ec_public_key_p256()?; 
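Review bot: In op_crypto_export_spki_ed25519, `BitString::from_bytes(pubkey)?` lets a DER error escape unmapped, while the `to_der()` failure just below it is mapped to `DOMExceptionOperationError`; both failure paths of one export should surface the same error class. I would write `BitString::from_bytes(pubkey).map_err(|_| custom_error("DOMExceptionOperationError", "Failed to export key"))?`. The x25519 export hunk (x25519.rs, @@ -114) has the same bare `?`. It also builds the identifier with `spki::AlgorithmIdentifierRef` where this one uses `spki::AlgorithmIdentifierOwned`, so picking one alias for both files would keep the two ops parallel.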
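Review bot: `BitString::from_bytes(&subject_public_key).unwrap()` in export_key_rsa adds a second panic site with no stated invariant; the existing "Infallible because we know the public key is valid" comment sits on the `to_der()` call and does not cover it. The function returns a Result, so either propagate with `.map_err(|_| data_error("invalid public key"))?` or add a comment such as `// BitString construction appears to fail only on a length DER cannot encode — confirm`. `subject_public_key` is already bound as a reference a few lines up, so the extra `&` is redundant. The export_key_ec hunk (@@ -302) carries the same `.unwrap()`.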
@@ -278,11 +277,11 @@ fn export_key_ec( }; let alg_id = match named_curve { - EcNamedCurve::P256 => AlgorithmIdentifier { + EcNamedCurve::P256 => AlgorithmIdentifierOwned { oid: elliptic_curve::ALGORITHM_OID, parameters: Some((&p256::NistP256::OID).into()), }, - EcNamedCurve::P384 => AlgorithmIdentifier { + EcNamedCurve::P384 => AlgorithmIdentifierOwned { oid: elliptic_curve::ALGORITHM_OID, parameters: Some((&p384::NistP384::OID).into()), }, @@ -302,10 +301,10 @@ fn export_key_ec( // the SPKI structure let key_info = spki::SubjectPublicKeyInfo { algorithm: alg_id, - subject_public_key: &subject_public_key, + subject_public_key: BitString::from_bytes(&subject_public_key).unwrap(), }; - let spki_der = key_info.to_vec().unwrap(); + let spki_der = key_info.to_der().unwrap(); Ok(ExportKeyResult::Spki(spki_der.into())) } @@ -374,7 +373,7 @@ fn export_key_ec( Ok(ExportKeyResult::JwkPrivateEc { x: bytes_to_b64(x), y: bytes_to_b64(y), - d: bytes_to_b64(&ec_key.to_be_bytes()), + d: bytes_to_b64(&ec_key.to_bytes()), }) } else { Err(data_error("expected valid public EC key")) @@ -397,7 +396,7 @@ fn export_key_ec( Ok(ExportKeyResult::JwkPrivateEc { x: bytes_to_b64(x), y: bytes_to_b64(y), - d: bytes_to_b64(&ec_key.to_be_bytes()), + d: bytes_to_b64(&ec_key.to_bytes()), }) } else { Err(data_error("expected valid public EC key")) diff --git a/ext/crypto/import_key.rs b/ext/crypto/import_key.rs index 5f7c214ead..0ffc89888e 100644 --- a/ext/crypto/import_key.rs +++ b/ext/crypto/import_key.rs @@ -206,12 +206,10 @@ fn import_key_rsa_jwk( fn import_key_rsassa( key_data: KeyData, ) -> Result { - use rsa::pkcs1::der::Decode; - match key_data { KeyData::Spki(data) => { // 2-3. - let pk_info = spki::SubjectPublicKeyInfo::from_der(&data) + let pk_info = spki::SubjectPublicKeyInfoRef::try_from(&*data) .map_err(|e| data_error(e.to_string()))?; // 4-5. 
@@ -223,21 +221,24 @@ fn import_key_rsassa( } // 8-9. - let public_key = - rsa::pkcs1::RsaPublicKey::from_der(pk_info.subject_public_key) - .map_err(|e| data_error(e.to_string()))?; + let public_key = rsa::pkcs1::RsaPublicKey::from_der( + pk_info.subject_public_key.raw_bytes(), + ) + .map_err(|e| data_error(e.to_string()))?; let bytes_consumed = public_key .encoded_len() .map_err(|e| data_error(e.to_string()))?; if bytes_consumed - != rsa::pkcs1::der::Length::new(pk_info.subject_public_key.len() as u16) + != rsa::pkcs1::der::Length::new( + pk_info.subject_public_key.raw_bytes().len() as u16, + ) { return Err(data_error("public key is invalid (too long)")); } - let data = pk_info.subject_public_key.to_vec().into(); + let data = pk_info.subject_public_key.to_der()?.into(); let public_exponent = public_key.public_exponent.as_bytes().to_vec().into(); let modulus_length = public_key.modulus.as_bytes().len() * 8; @@ -297,12 +298,10 @@ fn import_key_rsassa( fn import_key_rsapss( key_data: KeyData, ) -> Result { - use rsa::pkcs1::der::Decode; - match key_data { KeyData::Spki(data) => { // 2-3. - let pk_info = spki::SubjectPublicKeyInfo::from_der(&data) + let pk_info = spki::SubjectPublicKeyInfoRef::try_from(&*data) .map_err(|e| data_error(e.to_string()))?; // 4-5. 
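Review bot: `let data = pk_info.subject_public_key.to_der()?.into();` in import_key_rsassa no longer stores the same bytes as the removed `to_vec()`. `subject_public_key` is now a BIT STRING value, and `to_der()` on it emits the tag, length and unused-bits octet in front of the key, so `data` is not the bare RSAPublicKey that `RsaPublicKey::from_der(...raw_bytes())` validated just above. Consumers of `data` are outside this hunk, but they presumably still expect the PKCS#1 encoding. Keeping the old semantics would be `let data = pk_info.subject_public_key.raw_bytes().to_vec().into();`. The same substitution is in the import_key_rsapss (@@ -314) and import_key_rsaoaep (@@ -405) hunks, and as `encoded_key = pk.to_der()?;` in import_key_ec (@@ -726), where the later length check is made against `raw_bytes().len()`.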
@@ -314,21 +313,24 @@ fn import_key_rsapss( } // 8-9. - let public_key = - rsa::pkcs1::RsaPublicKey::from_der(pk_info.subject_public_key) - .map_err(|e| data_error(e.to_string()))?; + let public_key = rsa::pkcs1::RsaPublicKey::from_der( + pk_info.subject_public_key.raw_bytes(), + ) + .map_err(|e| data_error(e.to_string()))?; let bytes_consumed = public_key .encoded_len() .map_err(|e| data_error(e.to_string()))?; if bytes_consumed - != rsa::pkcs1::der::Length::new(pk_info.subject_public_key.len() as u16) + != rsa::pkcs1::der::Length::new( + pk_info.subject_public_key.raw_bytes().len() as u16, + ) { return Err(data_error("public key is invalid (too long)")); } - let data = pk_info.subject_public_key.to_vec().into(); + let data = pk_info.subject_public_key.to_der()?.into(); let public_exponent = public_key.public_exponent.as_bytes().to_vec().into(); let modulus_length = public_key.modulus.as_bytes().len() * 8; @@ -388,12 +390,10 @@ fn import_key_rsapss( fn import_key_rsaoaep( key_data: KeyData, ) -> Result { - use rsa::pkcs1::der::Decode; - match key_data { KeyData::Spki(data) => { // 2-3. - let pk_info = spki::SubjectPublicKeyInfo::from_der(&data) + let pk_info = spki::SubjectPublicKeyInfoRef::try_from(&*data) .map_err(|e| data_error(e.to_string()))?; // 4-5. 
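Review bot: The re-wrapped length check in import_key_rsapss still narrows with `pk_info.subject_public_key.raw_bytes().len() as u16`, which silently wraps for an input longer than 65535 bytes. The "public key is invalid (too long)" comparison is then made against a truncated value. The length comes from caller-supplied SPKI data, so a checked conversion is the safer form: `rsa::pkcs1::der::Length::try_from(pk_info.subject_public_key.raw_bytes().len()).map_err(|e| data_error(e.to_string()))?`. The same cast is in the import_key_rsassa (@@ -223) and import_key_rsaoaep (@@ -405) hunks.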
@@ -405,21 +405,24 @@ fn import_key_rsaoaep( } // 8-9. - let public_key = - rsa::pkcs1::RsaPublicKey::from_der(pk_info.subject_public_key) - .map_err(|e| data_error(e.to_string()))?; + let public_key = rsa::pkcs1::RsaPublicKey::from_der( + pk_info.subject_public_key.raw_bytes(), + ) + .map_err(|e| data_error(e.to_string()))?; let bytes_consumed = public_key .encoded_len() .map_err(|e| data_error(e.to_string()))?; if bytes_consumed - != rsa::pkcs1::der::Length::new(pk_info.subject_public_key.len() as u16) + != rsa::pkcs1::der::Length::new( + pk_info.subject_public_key.raw_bytes().len() as u16, + ) { return Err(data_error("public key is invalid (too long)")); } - let data = pk_info.subject_public_key.to_vec().into(); + let data = pk_info.subject_public_key.to_der()?.into(); let public_exponent = public_key.public_exponent.as_bytes().to_vec().into(); let modulus_length = public_key.modulus.as_bytes().len() * 8; @@ -541,14 +544,14 @@ fn import_key_ec_jwk( let pkcs8_der = match named_curve { EcNamedCurve::P256 => { let d = decode_b64url_to_field_bytes::(&d)?; - let pk = p256::SecretKey::from_be_bytes(&d)?; + let pk = p256::SecretKey::from_bytes(&d)?; pk.to_pkcs8_der() .map_err(|_| data_error("invalid JWK private key"))? } EcNamedCurve::P384 => { let d = decode_b64url_to_field_bytes::(&d)?; - let pk = p384::SecretKey::from_be_bytes(&d)?; + let pk = p384::SecretKey::from_bytes(&d)?; pk.to_pkcs8_der() .map_err(|_| data_error("invalid JWK private key"))? @@ -593,7 +596,7 @@ impl<'a> TryFrom> for ECParametersSpki { fn try_from( any: spki::der::asn1::AnyRef<'a>, ) -> spki::der::Result { - let x = any.oid()?; + let x = any.try_into()?; Ok(Self { named_curve_alg: x }) } @@ -642,7 +645,7 @@ fn import_key_ec( pk.algorithm .parameters .ok_or_else(|| data_error("malformed parameters"))? - .oid() + .try_into() .unwrap() } EcNamedCurve::P521 => { 
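Review bot: In the import_key_ec hunk (@@ -642), `.try_into().unwrap()` panics when the algorithm parameters of the imported key are present but are not an object identifier. The line before it already turns a missing parameter into `data_error("malformed parameters")`, so a wrongly typed one should fail the same way rather than abort on attacker-controlled key material: `.try_into().map_err(|_| data_error("malformed parameters"))?`. The enclosing match arm starts outside the hunk, so the target type of the conversion is not visible here.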
@@ -689,7 +692,7 @@ fn import_key_ec( } KeyData::Spki(data) => { // 2-3. - let pk_info = spki::SubjectPublicKeyInfo::from_der(&data) + let pk_info = spki::SubjectPublicKeyInfoRef::try_from(&*data) .map_err(|e| data_error(e.to_string()))?; // 4. @@ -726,7 +729,7 @@ fn import_key_ec( if let Some(pk_named_curve) = pk_named_curve { let pk = pk_info.subject_public_key; - encoded_key = pk.to_vec(); + encoded_key = pk.to_der()?; let bytes_consumed = match named_curve { EcNamedCurve::P256 => { @@ -755,7 +758,7 @@ fn import_key_ec( _ => return Err(not_supported_error("Unsupported named curve")), }; - if bytes_consumed != pk_info.subject_public_key.len() { + if bytes_consumed != pk_info.subject_public_key.raw_bytes().len() { return Err(data_error("public key is invalid (too long)")); } diff --git a/ext/crypto/x25519.rs b/ext/crypto/x25519.rs index 8090f28806..9d62fd4a96 100644 --- a/ext/crypto/x25519.rs +++ b/ext/crypto/x25519.rs @@ -9,6 +9,7 @@ use elliptic_curve::pkcs8::PrivateKeyInfo; use elliptic_curve::subtle::ConstantTimeEq; use rand::rngs::OsRng; use rand::RngCore; +use spki::der::asn1::BitString; use spki::der::Decode; use spki::der::Encode; @@ -62,7 +63,7 @@ pub fn op_crypto_import_spki_x25519( #[buffer] out: &mut [u8], ) -> bool { // 2-3. - let pk_info = match spki::SubjectPublicKeyInfo::from_der(key_data) { + let pk_info = match spki::SubjectPublicKeyInfoRef::try_from(key_data) { Ok(pk_info) => pk_info, Err(_) => return false, }; @@ -75,7 +76,7 @@ pub fn op_crypto_import_spki_x25519( if pk_info.algorithm.parameters.is_some() { return false; } - out.copy_from_slice(pk_info.subject_public_key); + out.copy_from_slice(pk_info.subject_public_key.raw_bytes()); true } 
@@ -114,16 +115,16 @@ pub fn op_crypto_export_spki_x25519( #[buffer] pubkey: &[u8], ) -> Result { let key_info = spki::SubjectPublicKeyInfo { - algorithm: spki::AlgorithmIdentifier { + algorithm: spki::AlgorithmIdentifierRef { // id-X25519 oid: X25519_OID, parameters: None, }, - subject_public_key: pubkey, + subject_public_key: BitString::from_bytes(pubkey)?, }; Ok( key_info - .to_vec() + .to_der() .map_err(|_| { custom_error("DOMExceptionOperationError", "Failed to export key") })? diff --git a/ext/node/Cargo.toml b/ext/node/Cargo.toml index 2d78dd4314..8877a9cb16 100644 --- a/ext/node/Cargo.toml +++ b/ext/node/Cargo.toml @@ -59,7 +59,7 @@ ring.workspace = true ripemd = "0.1.3" rsa.workspace = true scrypt = "0.11.0" -secp256k1 = { version = "0.27.0", features = ["rand-std"] } +secp256k1 = { version = "0.28.0", features = ["rand-std"] } serde = "1.0.149" sha-1 = "0.10.0" sha2.workspace = true @@ -68,6 +68,5 @@ tokio.workspace = true typenum = "1.15.0" url.workspace = true winapi.workspace = true -# https://github.com/dalek-cryptography/x25519-dalek/pull/89 -x25519-dalek = "2.0.0-pre.1" +x25519-dalek = "2.0.0" x509-parser = "0.15.0"