spki: extract crate from pkcs8 (#261)

Extracts the core parts of the PKCS#8 crate which implement
X.509 Subject Public Key Info (SPKI) into their own crate.

The longer-term goal of this extraction is to be able to share
SPKI-related types between the `pkcs8` crate and an X.509 crate.

Author: tarcieri

.github/workflows/pkcs8.yml

@@ -7,6 +7,7 @@ on:
       - "const-oid/**"
       - "der/**"
       - "pkcs8/**"
+      - "spki/**"
       - "Cargo.*"
   push:
     branches: master
@@ -25,7 +26,7 @@ jobs:
     strategy:
       matrix:
         rust:
-          - 1.46.0 # MSRV
+          - 1.47.0 # MSRV
           - stable
         target:
           - thumbv7em-none-eabi
@@ -47,7 +48,7 @@ jobs:
     strategy:
       matrix:
         rust:
-          - 1.46.0 # MSRV
+          - 1.47.0 # MSRV
           - stable
     steps:
       - uses: actions/checkout@v1

.github/workflows/spki.yml

@@ -0,0 +1,58 @@
+name: spki
+
+on:
+  pull_request:
+    paths:
+      - "base64ct/**"
+      - "const-oid/**"
+      - "der/**"
+      - "spki/**"
+      - "Cargo.*"
+  push:
+    branches: master
+
+defaults:
+  run:
+    working-directory: spki
+
+env:
+  CARGO_INCREMENTAL: 0
+  RUSTFLAGS: "-Dwarnings"
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        rust:
+          - 1.47.0 # MSRV
+          - stable
+        target:
+          - thumbv7em-none-eabi
+          - wasm32-unknown-unknown
+    steps:
+      - uses: actions/checkout@v1
+      - uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: ${{ matrix.rust }}
+          target: ${{ matrix.target }}
+          override: true
+      - run: cargo build --release --target ${{ matrix.target }}
+
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        rust:
+          - 1.47.0 # MSRV
+          - stable
+    steps:
+      - uses: actions/checkout@v1
+      - uses: actions-rs/toolchain@v1
+        with:
+          profile: minimal
+          toolchain: ${{ matrix.rust }}
+          override: true
+      - run: cargo test --release
+      - run: cargo test --release --all-features

Cargo.lock

@@ -12,5 +12,6 @@ members = [
     "der/derive",
     "hex-literal",
     "opaque-debug",
-    "pkcs8"
+    "pkcs8",
+    "spki",
 ]

Cargo.toml

@@ -135,7 +135,7 @@ impl Encodable for GeneralizedTime {
     fn encode(&self, encoder: &mut Encoder<'_>) -> Result<()> {
         self.header().encode(encoder)?;
 
-        let datetime = DateTime::from_unix_duration(self.0).ok_or_else(|| ErrorKind::Value {
+        let datetime = DateTime::from_unix_duration(self.0).ok_or(ErrorKind::Value {
             tag: Tag::GeneralizedTime,
         })?;
 

der/src/asn1/generalized_time.rs

@@ -133,8 +133,8 @@ impl Encodable for UtcTime {
     fn encode(&self, encoder: &mut Encoder<'_>) -> Result<()> {
         self.header().encode(encoder)?;
 
-        let datetime = DateTime::from_unix_duration(self.0)
-            .ok_or_else(|| ErrorKind::Value { tag: Tag::UtcTime })?;
+        let datetime =
+            DateTime::from_unix_duration(self.0).ok_or(ErrorKind::Value { tag: Tag::UtcTime })?;
 
         debug_assert!((1950..2050).contains(&datetime.year()));
         datetime::encode_decimal(encoder, Tag::UtcTime, datetime.year() - 1900)?;

der/src/asn1/utc_time.rs

@@ -1,6 +1,6 @@
 [package]
 name = "pkcs8"
-version = "0.4.1" # Also update html_root_url in lib.rs when bumping this
+version = "0.5.0-pre" # Also update html_root_url in lib.rs when bumping this
 description = """
 Pure Rust implementation of Public-Key Cryptography Standards (PKCS) #8:
 Private-Key Information Syntax Specification (RFC 5208)
@@ -17,6 +17,7 @@ readme = "README.md"
 [dependencies]
 base64ct = { version = "0.2", optional = true, features = ["alloc"], path = "../base64ct" }
 der = { version = "0.2", features = ["oid"], path = "../der" }
+spki = { version = "0", path = "../spki" }
 zeroize = { version = "1", optional = true, default-features = false, features = ["alloc"] }
 
 [dev-dependencies]

pkcs8/Cargo.toml

@@ -8,7 +8,7 @@
 [![Build Status][build-image]][build-link]
 
 Pure Rust implementation of  Public-Key Cryptography Standards (PKCS) #8:
-Private-Key Information Syntax Specification (RFC 5208)
+Private-Key Information Syntax Specification ([RFC 5208]).
 
 [Documentation][docs-link]
 
@@ -34,8 +34,12 @@ dual licensed as above, without any additional terms or conditions.
 [docs-image]: https://docs.rs/pkcs8/badge.svg
 [docs-link]: https://docs.rs/pkcs8/
 [license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg
-[rustc-image]: https://img.shields.io/badge/rustc-1.46+-blue.svg
+[rustc-image]: https://img.shields.io/badge/rustc-1.47+-blue.svg
 [chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg
 [chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/260052-utils
 [build-image]: https://github.com/RustCrypto/utils/workflows/pkcs8/badge.svg?branch=master&event=push
 [build-link]: https://github.com/RustCrypto/utils/actions
+
+[//]: # (general links)
+
+[RFC 5208]: https://tools.ietf.org/html/rfc5208

pkcs8/README.md

@@ -1,12 +1,13 @@
 //! PKCS#8 documents: serialized PKCS#8 private keys and SPKI public keys
 // TODO(tarcieri): heapless support?
 
-use crate::{Error, PrivateKeyInfo, Result, SubjectPublicKeyInfo};
+use crate::{error, Error, PrivateKeyInfo, Result, SubjectPublicKeyInfo};
 use alloc::{borrow::ToOwned, vec::Vec};
 use core::{
     convert::{TryFrom, TryInto},
     fmt,
 };
+use der::Encodable;
 use zeroize::{Zeroize, Zeroizing};
 
 #[cfg(feature = "std")]
@@ -86,7 +87,7 @@ impl PrivateKeyDocument {
 
     /// Parse the [`PrivateKeyInfo`] contained in this [`PrivateKeyDocument`]
     pub fn private_key_info(&self) -> PrivateKeyInfo<'_> {
-        PrivateKeyInfo::from_der(self.0.as_ref()).expect("constructor failed to validate document")
+        PrivateKeyInfo::try_from(self.0.as_ref()).expect("constructor failed to validate document")
     }
 }
 
@@ -96,12 +97,28 @@ impl AsRef<[u8]> for PrivateKeyDocument {
     }
 }
 
+impl From<PrivateKeyInfo<'_>> for PrivateKeyDocument {
+    fn from(private_key_info: PrivateKeyInfo<'_>) -> PrivateKeyDocument {
+        PrivateKeyDocument::from(&private_key_info)
+    }
+}
+
+impl From<&PrivateKeyInfo<'_>> for PrivateKeyDocument {
+    fn from(private_key_info: &PrivateKeyInfo<'_>) -> PrivateKeyDocument {
+        private_key_info
+            .to_vec()
+            .ok()
+            .and_then(|buf| buf.try_into().ok())
+            .expect(error::DER_ENCODING_MSG)
+    }
+}
+
 impl TryFrom<&[u8]> for PrivateKeyDocument {
     type Error = Error;
 
     fn try_from(bytes: &[u8]) -> Result<Self> {
         // Ensure document is well-formed
-        PrivateKeyInfo::from_der(bytes)?;
+        PrivateKeyInfo::try_from(bytes)?;
         Ok(Self(Zeroizing::new(bytes.to_owned())))
     }
 }
@@ -111,7 +128,7 @@ impl TryFrom<Vec<u8>> for PrivateKeyDocument {
 
     fn try_from(mut bytes: Vec<u8>) -> Result<Self> {
         // Ensure document is well-formed
-        if PrivateKeyInfo::from_der(&bytes).is_ok() {
+        if PrivateKeyInfo::try_from(bytes.as_slice()).is_ok() {
             Ok(Self(Zeroizing::new(bytes)))
         } else {
             bytes.zeroize();
@@ -210,7 +227,7 @@ impl PublicKeyDocument {
 
     /// Parse the [`SubjectPublicKeyInfo`] contained in this [`PublicKeyDocument`]
     pub fn spki(&self) -> SubjectPublicKeyInfo<'_> {
-        SubjectPublicKeyInfo::from_der(self.0.as_ref())
+        SubjectPublicKeyInfo::try_from(self.0.as_slice())
             .expect("constructor failed to validate document")
     }
 }
@@ -221,12 +238,27 @@ impl AsRef<[u8]> for PublicKeyDocument {
     }
 }
 
+impl From<SubjectPublicKeyInfo<'_>> for PublicKeyDocument {
+    fn from(spki: SubjectPublicKeyInfo<'_>) -> PublicKeyDocument {
+        PublicKeyDocument::from(&spki)
+    }
+}
+
+impl From<&SubjectPublicKeyInfo<'_>> for PublicKeyDocument {
+    fn from(spki: &SubjectPublicKeyInfo<'_>) -> PublicKeyDocument {
+        spki.to_vec()
+            .ok()
+            .and_then(|buf| buf.try_into().ok())
+            .expect(error::DER_ENCODING_MSG)
+    }
+}
+
 impl TryFrom<&[u8]> for PublicKeyDocument {
     type Error = Error;
 
     fn try_from(bytes: &[u8]) -> Result<Self> {
         // Ensure document is well-formed
-        SubjectPublicKeyInfo::from_der(bytes)?;
+        SubjectPublicKeyInfo::try_from(bytes)?;
         Ok(Self(bytes.to_owned()))
     }
 }
@@ -236,7 +268,7 @@ impl TryFrom<Vec<u8>> for PublicKeyDocument {
 
     fn try_from(bytes: Vec<u8>) -> Result<Self> {
         // Ensure document is well-formed
-        SubjectPublicKeyInfo::from_der(&bytes)?;
+        SubjectPublicKeyInfo::try_from(bytes.as_slice())?;
         Ok(Self(bytes))
     }
 }

pkcs8/src/document.rs

@@ -8,7 +8,8 @@
 //! of a heap:
 //!
 //! - [`PrivateKeyInfo`]: algorithm identifier and data representing a private key.
-//! - [`SubjectPublicKeyInfo`]: algorithm identifier and data representing a public key.
+//! - [`SubjectPublicKeyInfo`]: algorithm identifier and data representing a public key
+//!   (re-exported from the [`spki`] crate)
 //!
 //! When the `alloc` feature is enabled, the following additional types are
 //! available which provide more convenient decoding/encoding support:
@@ -35,7 +36,7 @@
 //!
 //! # Minimum Supported Rust Version
 //!
-//! This crate requires **Rust 1.46** at a minimum.
+//! This crate requires **Rust 1.47** at a minimum.
 //!
 //! [RFC 5208]: https://tools.ietf.org/html/rfc5208
 
@@ -44,7 +45,7 @@
 #![doc(
     html_logo_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg",
     html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg",
-    html_root_url = "https://docs.rs/pkcs8/0.4.1"
+    html_root_url = "https://docs.rs/pkcs8/0.5.0-pre"
 )]
 #![forbid(unsafe_code)]
 #![warn(missing_docs, rust_2018_idioms)]
@@ -55,10 +56,8 @@ extern crate alloc;
 #[cfg(feature = "std")]
 extern crate std;
 
-mod algorithm;
 mod error;
 mod private_key_info;
-mod spki;
 mod traits;
 
 #[cfg(feature = "alloc")]
@@ -68,13 +67,12 @@ mod document;
 mod pem;
 
 pub use crate::{
-    algorithm::{AlgorithmIdentifier, AlgorithmParameters},
     error::{Error, Result},
     private_key_info::PrivateKeyInfo,
-    spki::SubjectPublicKeyInfo,
     traits::{FromPrivateKey, FromPublicKey},
 };
 pub use der::{self, ObjectIdentifier};
+pub use spki::{AlgorithmIdentifier, AlgorithmParameters, SubjectPublicKeyInfo};
 
 #[cfg(feature = "alloc")]
 pub use crate::{

pkcs8/src/lib.rs

@@ -49,17 +49,6 @@ pub struct PrivateKeyInfo<'a> {
 }
 
 impl<'a> PrivateKeyInfo<'a> {
-    /// Parse [`PrivateKeyInfo`] encoded as ASN.1 DER.
-    pub fn from_der(bytes: &'a [u8]) -> Result<Self> {
-        Ok(Self::from_bytes(bytes)?)
-    }
-
-    /// Write ASN.1 DER-encoded [`PrivateKeyInfo`] to the provided
-    /// buffer, returning a slice containing the encoded data.
-    pub fn write_der<'b>(&self, buffer: &'b mut [u8]) -> Result<&'b [u8]> {
-        Ok(self.encode_to_slice(buffer)?)
-    }
-
     /// Encode this [`PrivateKeyInfo`] as ASN.1 DER.
     #[cfg(feature = "alloc")]
     #[cfg_attr(docsrs, doc(cfg(feature = "alloc")))]
@@ -84,7 +73,7 @@ impl<'a> TryFrom<&'a [u8]> for PrivateKeyInfo<'a> {
     type Error = Error;
 
     fn try_from(bytes: &'a [u8]) -> Result<Self> {
-        Self::from_der(bytes)
+        Ok(Self::from_bytes(bytes)?)
     }
 }