instant-labs
/
instant-acme
mirror of https://github.com/instant-labs/instant-acme.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Deduplicate EcdsaKeyPair construction

This commit is contained in:
Dirkjan Ochtman 2024-07-16 10:14:58 +02:00
parent e0ac09439e
commit 257a958a0a
1 changed files with 22 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
src/lib.rs
View File

@ -552,24 +552,14 @@ impl Key {
let rng = crypto::SystemRandom::new(); let rng = crypto::SystemRandom::new();
let pkcs8 = let pkcs8 =
crypto::EcdsaKeyPair::generate_pkcs8(&crypto::ECDSA_P256_SHA256_FIXED_SIGNING, &rng)?; crypto::EcdsaKeyPair::generate_pkcs8(&crypto::ECDSA_P256_SHA256_FIXED_SIGNING, &rng)?;
#[cfg(all(feature = "ring", not(feature = "aws-lc-rs")))] let inner = crypto::p256_key_pair_from_pkcs8(pkcs8.as_ref(), &rng)?;
let key = crypto::EcdsaKeyPair::from_pkcs8( let thumb = BASE64_URL_SAFE_NO_PAD.encode(Jwk::thumb_sha256(&inner)?);
&crypto::ECDSA_P256_SHA256_FIXED_SIGNING,
pkcs8.as_ref(),
&rng,
)?;
#[cfg(feature = "aws-lc-rs")]
let key = crypto::EcdsaKeyPair::from_pkcs8(
&crypto::ECDSA_P256_SHA256_FIXED_SIGNING,
pkcs8.as_ref(),
)?;
let thumb = BASE64_URL_SAFE_NO_PAD.encode(Jwk::thumb_sha256(&key)?);
Ok(( Ok((
Self { Self {
rng, rng,
signing_algorithm: SigningAlgorithm::Es256, signing_algorithm: SigningAlgorithm::Es256,
inner: key, inner,
thumb, thumb,
}, },
pkcs8, pkcs8,
@ -578,22 +568,13 @@ impl Key {
fn from_pkcs8_der(pkcs8_der: &[u8]) -> Result<Self, Error> { fn from_pkcs8_der(pkcs8_der: &[u8]) -> Result<Self, Error> {
let rng = crypto::SystemRandom::new(); let rng = crypto::SystemRandom::new();
#[cfg(all(feature = "ring", not(feature = "aws-lc-rs")))] let inner = crypto::p256_key_pair_from_pkcs8(pkcs8_der, &rng)?;
let key = crypto::EcdsaKeyPair::from_pkcs8( let thumb = BASE64_URL_SAFE_NO_PAD.encode(Jwk::thumb_sha256(&inner)?);
&crypto::ECDSA_P256_SHA256_FIXED_SIGNING,
pkcs8_der,
&rng,
)?;
#[cfg(feature = "aws-lc-rs")]
let key =
crypto::EcdsaKeyPair::from_pkcs8(&crypto::ECDSA_P256_SHA256_FIXED_SIGNING, pkcs8_der)?;
let thumb = BASE64_URL_SAFE_NO_PAD.encode(Jwk::thumb_sha256(&key)?);
Ok(Self { Ok(Self {
rng, rng,
signing_algorithm: SigningAlgorithm::Es256, signing_algorithm: SigningAlgorithm::Es256,
inner: key, inner,
thumb, thumb,
}) })
} }
@ -766,6 +747,22 @@ mod crypto {
pub(crate) use ring_like::signature::{EcdsaKeyPair, ECDSA_P256_SHA256_FIXED_SIGNING}; pub(crate) use ring_like::signature::{EcdsaKeyPair, ECDSA_P256_SHA256_FIXED_SIGNING};
pub(crate) use ring_like::signature::{KeyPair, Signature}; pub(crate) use ring_like::signature::{KeyPair, Signature};
pub(crate) use ring_like::{hmac, pkcs8}; pub(crate) use ring_like::{hmac, pkcs8};
#[cfg(feature = "aws-lc-rs")]
pub(crate) fn p256_key_pair_from_pkcs8(
pkcs8: &[u8],
_: &SystemRandom,
) -> Result<EcdsaKeyPair, KeyRejected> {
EcdsaKeyPair::from_pkcs8(&ECDSA_P256_SHA256_FIXED_SIGNING, pkcs8)
}
#[cfg(all(feature = "ring", not(feature = "aws-lc-rs")))]
pub(crate) fn p256_key_pair_from_pkcs8(
pkcs8: &[u8],
rng: &SystemRandom,
) -> Result<EcdsaKeyPair, KeyRejected> {
EcdsaKeyPair::from_pkcs8(&ECDSA_P256_SHA256_FIXED_SIGNING, pkcs8, rng)
}
} }
const JOSE_JSON: &str = "application/jose+json"; const JOSE_JSON: &str = "application/jose+json";