Skip to content

Commit

Permalink
revert: remove x509 feature
Browse files Browse the repository at this point in the history
  • Loading branch information
juliusl committed Oct 3, 2024
1 parent 0e44116 commit e0fc46c
Show file tree
Hide file tree
Showing 4 changed files with 12 additions and 112 deletions.
2 changes: 0 additions & 2 deletions ed25519-dalek/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,6 @@ merlin = { version = "3", default-features = false, optional = true }
rand_core = { version = "0.6.4", default-features = false, optional = true }
serde = { version = "1.0", default-features = false, optional = true }
zeroize = { version = "1.5", default-features = false, optional = true }
x509-cert = { version = "0.2.5", features = ["builder"], optional = true }

[dev-dependencies]
curve25519-dalek = { version = "4", path = "../curve25519-dalek", default-features = false, features = ["digest", "rand_core"] }
Expand Down Expand Up @@ -72,7 +71,6 @@ digest = ["signature/digest"]
hazmat = []
# Turns off stricter checking for scalar malleability in signatures
legacy_compatibility = ["curve25519-dalek/legacy_compatibility"]
x509 = ["pkcs8", "alloc", "dep:x509-cert"]
pkcs8 = ["ed25519/pkcs8"]
pem = ["alloc", "ed25519/pem", "pkcs8"]
rand_core = ["dep:rand_core"]
Expand Down
45 changes: 0 additions & 45 deletions ed25519-dalek/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -288,52 +288,7 @@ pub use crate::verifying::*;
#[cfg(feature = "digest")]
pub use ed25519::signature::{DigestSigner, DigestVerifier};
pub use ed25519::signature::{Signer, Verifier};

#[cfg(not(feature = "x509"))]
pub use ed25519::Signature;

#[cfg(feature = "x509")]
pub use signature_wrapper::Signature;

#[cfg(feature = "x509")]
mod signature_wrapper {
use core::ops::Deref;
use core::ops::DerefMut;

/// Wrapper over ed25519::Signature to enable additional trait implementations required to build x509 certificates
#[derive(Copy, Clone, Eq, PartialEq)]
#[repr(C)]
pub struct Signature(pub ed25519::Signature);

impl Signature {
/// Parse an Ed25519 signature from a byte slice.
pub fn from_bytes(bytes: &ed25519::SignatureBytes) -> Self {
Self(ed25519::Signature::from_bytes(bytes))
}
}

impl TryFrom<&[u8]> for Signature {
type Error = ed25519::Error;

fn try_from(value: &[u8]) -> Result<Self, Self::Error> {
Ok(Self(ed25519::Signature::try_from(value)?))
}
}

impl Deref for Signature {
type Target = ed25519::Signature;

fn deref(&self) -> &Self::Target {
&self.0
}
}

impl DerefMut for Signature {
fn deref_mut(&mut self) -> &mut Self::Target {
&mut self.0
}
}
}

#[cfg(feature = "pkcs8")]
pub use ed25519::pkcs8;
16 changes: 0 additions & 16 deletions ed25519-dalek/src/signature.rs
Original file line number Diff line number Diff line change
Expand Up @@ -174,20 +174,4 @@ impl From<InternalSignature> for ed25519::Signature {
fn from(sig: InternalSignature) -> ed25519::Signature {
ed25519::Signature::from_components(*sig.R.as_bytes(), *sig.s.as_bytes())
}
}

#[cfg(feature = "x509")]
impl From<InternalSignature> for crate::Signature {
fn from(value: InternalSignature) -> Self {
crate::Signature(ed25519::Signature::from(value))
}
}

#[cfg(feature = "x509")]
impl ed25519::pkcs8::spki::SignatureBitStringEncoding for crate::Signature {
fn to_bitstring(&self) -> x509_cert::der::Result<x509_cert::der::asn1::BitString> {
let signature: ed25519::Signature = self.0.into();

x509_cert::der::asn1::BitString::new(0, signature.to_vec())
}
}
61 changes: 12 additions & 49 deletions ed25519-dalek/tests/pkcs8.rs
Original file line number Diff line number Diff line change
Expand Up @@ -4,20 +4,13 @@
//! RFC5958 (PKCS#8) and RFC5280 (SPKI).
#![cfg(feature = "pkcs8")]
use ed25519_dalek::pkcs8::{DecodePrivateKey, DecodePublicKey};
use ed25519_dalek::pkcs8::{spki::DynSignatureAlgorithmIdentifier, DecodePrivateKey, DecodePublicKey};
use ed25519_dalek::{SigningKey, VerifyingKey};
use hex_literal::hex;

#[cfg(feature = "alloc")]
use ed25519_dalek::pkcs8::{EncodePrivateKey, EncodePublicKey};

#[cfg(feature = "x509")]
use x509_cert::builder::Builder;
#[cfg(feature = "x509")]
use x509_cert::der::EncodePem;
#[cfg(feature = "x509")]
use x509_cert::spki::DynSignatureAlgorithmIdentifier;

/// Ed25519 PKCS#8 v1 private key encoded as ASN.1 DER.
const PKCS8_V1_DER: &[u8] = include_bytes!("examples/pkcs8-v1.der");

Expand Down Expand Up @@ -76,45 +69,15 @@ fn encode_verifying_key() {
assert_eq!(verifying_key, verifying_key2);
}

#[cfg(feature = "x509")]
#[test]
fn build_valid_x509_cert() {
use std::time::Duration;
use std::str::FromStr;
use x509_cert::{
builder::{CertificateBuilder, Profile},
name::Name,
serial_number::SerialNumber,
spki:: SubjectPublicKeyInfoOwned,
time::Validity,
};
let profile = Profile::Root;
let serial_number = SerialNumber::from(42u32);
let validity = Validity::from_now(Duration::new(360, 0)).unwrap();
let subject = Name::from_str("CN=World domination corporation,O=World domination Inc,C=US").unwrap();
let signing = SigningKey::from_bytes(&SK_BYTES);
let verifying_key = VerifyingKey::from_bytes(&PK_BYTES).unwrap();
let public_key = verifying_key.to_public_key_der().unwrap();
let key_info =
SubjectPublicKeyInfoOwned::try_from(&public_key.as_bytes()[..]).unwrap();

let builder = CertificateBuilder::new(
profile,
serial_number,
validity,
subject,
key_info,
&signing,
)
.expect("should create certificate");

let certificate = builder.build().unwrap();
certificate.to_pem(x509_cert::der::pem::LineEnding::LF).expect("should generate pem");

// Note: In order to verify the certificate the same way the x509_cert crate does it via `x509-cert-test-support`, it requires an additional `zlint` tool to be installed
// The tool is installed via `go install github.com/zmap/zlint/v3/cmd/zlint@latest`.
//
// TODO: Blocked by: https://github.com/zmap/zlint/issues/883
// let ignored = &[];
// x509_cert_test_support::zlint::check_certificate(pem.as_bytes(), ignored);
}
fn get_algo_identifier() {
let verifying_key = VerifyingKey::from_public_key_der(PUBLIC_KEY_DER).unwrap();
let identifier = verifying_key.signature_algorithm_identifier().unwrap();
assert!(identifier.parameters.is_none()); // According to rfc8410 this must be None
assert_eq!(identifier.oid, ed25519::pkcs8::ALGORITHM_OID);

let signing_key = SigningKey::from_bytes(&SK_BYTES);
let identifer = signing_key.signature_algorithm_identifier().unwrap();
assert!(identifer.parameters.is_none()); // According to rfc8410 this must be None
assert_eq!(identifer.oid, ed25519::pkcs8::ALGORITHM_OID);
}

0 comments on commit e0fc46c

Please sign in to comment.