pkcs5: downstream api changes (#1196)

Signed-off-by: Arthur Gautier <baloo@superbaloo.net>
RustCrypto · Aug 28, 2023 · 15e5b44 · 15e5b44
1 parent 6d237b6
commit 15e5b44
Show file tree

Hide file tree

Showing 11 changed files with 24 additions and 18 deletions.
diff --git a/.github/workflows/cms.yml b/.github/workflows/cms.yml
@@ -42,6 +42,9 @@ jobs:
       - run: cargo hack build --target ${{ matrix.target }} --feature-powerset --exclude-features arbitrary,default,std,builder
 
   minimal-versions:
+    # Temporarily disabled until pkcs8 0.8.0-pre gets published
+    # see #1196
+    if: false
     uses: RustCrypto/actions/.github/workflows/minimal-versions.yml@master
     with:
         working-directory: ${{ github.workflow }}

diff --git a/.github/workflows/pkcs8.yml b/.github/workflows/pkcs8.yml
@@ -43,6 +43,9 @@ jobs:
       - run: cargo hack build --target ${{ matrix.target }} --feature-powerset --exclude-features getrandom,std,rand
 
   minimal-versions:
+    # Temporarily disabled until pkcs8 0.8.0-pre gets published
+    # see #1196
+    if: false
     uses: RustCrypto/actions/.github/workflows/minimal-versions.yml@master
     with:
         working-directory: ${{ github.workflow }}

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/cms/Cargo.toml b/cms/Cargo.toml
@@ -34,8 +34,8 @@ zeroize = { version = "1.6.0", optional = true }
 getrandom = "0.2"
 hex-literal = "0.4"
 pem-rfc7468 = "0.7.0"
-pkcs5 = { version = "0.7" }
-rand = { version = "0.8.5" }
+pkcs5 = "0.8.0-pre"
+rand = "0.8.5"
 rsa = { version = "0.9.2", features = ["sha2"] }
 ecdsa = { version = "0.16.8", features = ["digest", "pem"] }
 p256 = "0.13.0"

diff --git a/cms/tests/enveloped_data.rs b/cms/tests/enveloped_data.rs
@@ -223,7 +223,7 @@ fn reencode_enveloped_data_pwri_test() {
                 );
                 let enc_pbkdf2 = kdf_alg.parameters.as_ref().unwrap().to_der().unwrap();
                 let pbkdf2 = Pbkdf2Params::from_der(enc_pbkdf2.as_slice()).unwrap();
-                assert_eq!(hex!("7F EE A8 FD 56 8E 8F 07"), pbkdf2.salt);
+                assert_eq!(hex!("7F EE A8 FD 56 8E 8F 07"), pbkdf2.salt.as_ref());
                 assert_eq!(2048, pbkdf2.iteration_count);
                 assert_eq!(
                     ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.3.9"),
@@ -443,7 +443,7 @@ fn reencode_enveloped_data_multi_test() {
                 );
                 let enc_pbkdf2 = kdf_alg.parameters.as_ref().unwrap().to_der().unwrap();
                 let pbkdf2 = Pbkdf2Params::from_der(enc_pbkdf2.as_slice()).unwrap();
-                assert_eq!(hex!("39 04 A7 33 A0 6A 1B 27"), pbkdf2.salt);
+                assert_eq!(hex!("39 04 A7 33 A0 6A 1B 27"), pbkdf2.salt.as_ref());
                 assert_eq!(2048, pbkdf2.iteration_count);
                 assert_eq!(
                     ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.16.3.9"),

diff --git a/cms/tests/tests_from_pkcs7_crate.rs b/cms/tests/tests_from_pkcs7_crate.rs
@@ -40,7 +40,7 @@ fn cms_decode_encrypted_key_example() {
         .to_der()
         .unwrap();
     let pbkdf2 = Pbkdf2Params::from_der(enc_pbkdf2.as_slice()).unwrap();
-    assert_eq!(hex!("ad2d4b4e87b34d67"), pbkdf2.salt);
+    assert_eq!(hex!("ad2d4b4e87b34d67"), pbkdf2.salt.as_ref());
     assert_eq!(2048, pbkdf2.iteration_count);
     assert_eq!(
         552u32,

diff --git a/pkcs5/Cargo.toml b/pkcs5/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "pkcs5"
-version = "0.7.1"
+version = "0.8.0-pre"
 description = """
 Pure Rust implementation of Public-Key Cryptography Standards (PKCS) #5:
 Password-Based Cryptography Specification Version 2.1 (RFC 8018)

diff --git a/pkcs8/Cargo.toml b/pkcs8/Cargo.toml
@@ -21,7 +21,7 @@ spki = { version = "0.7.1" }
 
 # optional dependencies
 rand_core = { version = "0.6", optional = true, default-features = false }
-pkcs5 = { version = "0.7", optional = true }
+pkcs5 = { version = "0.8.0-pre", optional = true }
 subtle = { version = "2", optional = true, default-features = false }
 
 [dev-dependencies]

diff --git a/pkcs8/src/encrypted_private_key_info.rs b/pkcs8/src/encrypted_private_key_info.rs
@@ -43,7 +43,7 @@ use der::pem::PemLabel;
 pub struct EncryptedPrivateKeyInfo<'a> {
     /// Algorithm identifier describing a password-based symmetric encryption
     /// scheme used to encrypt the `encrypted_data` field.
-    pub encryption_algorithm: EncryptionScheme<'a>,
+    pub encryption_algorithm: EncryptionScheme,
 
     /// Private key data
     pub encrypted_data: &'a [u8],
@@ -74,15 +74,15 @@ impl<'a> EncryptedPrivateKeyInfo<'a> {
         let mut iv = [0u8; 16];
         rng.fill_bytes(&mut iv);
 
-        let pbes2_params = pbes2::Parameters::scrypt_aes256cbc(Default::default(), &salt, &iv)?;
+        let pbes2_params = pbes2::Parameters::scrypt_aes256cbc(Default::default(), &salt, iv)?;
         EncryptedPrivateKeyInfo::encrypt_with(pbes2_params, password, doc)
     }
 
     /// Encrypt this private key using a symmetric encryption key derived
     /// from the provided password and [`pbes2::Parameters`].
     #[cfg(feature = "encryption")]
     pub(crate) fn encrypt_with(
-        pbes2_params: pbes2::Parameters<'a>,
+        pbes2_params: pbes2::Parameters,
         password: impl AsRef<[u8]>,
         doc: &[u8],
     ) -> Result<SecretDocument> {

diff --git a/pkcs8/src/private_key_info.rs b/pkcs8/src/private_key_info.rs
@@ -149,7 +149,7 @@ impl<'a> PrivateKeyInfo<'a> {
     #[cfg(feature = "encryption")]
     pub fn encrypt_with_params(
         &self,
-        pbes2_params: pbes2::Parameters<'_>,
+        pbes2_params: pbes2::Parameters,
         password: impl AsRef<[u8]>,
     ) -> Result<SecretDocument> {
         let der = Zeroizing::new(self.to_der()?);

diff --git a/pkcs8/tests/encrypted_private_key.rs b/pkcs8/tests/encrypted_private_key.rs
@@ -89,14 +89,14 @@ fn decode_ed25519_encpriv_aes128_pbkdf2_sha1_der() {
     let pbes2_params = pk.encryption_algorithm.pbes2().unwrap();
     let pbkdf2_params = pbes2_params.kdf.pbkdf2().unwrap();
 
-    assert_eq!(pbkdf2_params.salt, hex!("e8765e01e43b6bad"));
+    assert_eq!(pbkdf2_params.salt.as_ref(), hex!("e8765e01e43b6bad"));
     assert_eq!(pbkdf2_params.iteration_count, 2048);
     assert_eq!(pbkdf2_params.key_length, None);
     assert_eq!(pbkdf2_params.prf, pbes2::Pbkdf2Prf::HmacWithSha1);
 
     match pbes2_params.encryption {
         pbes2::EncryptionScheme::Aes128Cbc { iv } => {
-            assert_eq!(iv, &hex!("223080a71bcd2b9a256d876c924979d2"));
+            assert_eq!(iv, hex!("223080a71bcd2b9a256d876c924979d2"));
         }
         other => panic!("unexpected encryption scheme: {:?}", other),
     }
@@ -121,14 +121,14 @@ fn decode_ed25519_encpriv_aes256_pbkdf2_sha256_der() {
     let pbes2_params = pk.encryption_algorithm.pbes2().unwrap();
     let pbkdf2_params = pbes2_params.kdf.pbkdf2().unwrap();
 
-    assert_eq!(pbkdf2_params.salt, hex!("79d982e70df91a88"));
+    assert_eq!(pbkdf2_params.salt.as_ref(), hex!("79d982e70df91a88"));
     assert_eq!(pbkdf2_params.iteration_count, 2048);
     assert_eq!(pbkdf2_params.key_length, None);
     assert_eq!(pbkdf2_params.prf, pbes2::Pbkdf2Prf::HmacWithSha256);
 
     match pbes2_params.encryption {
         pbes2::EncryptionScheme::Aes256Cbc { iv } => {
-            assert_eq!(iv, &hex!("b2d02d78b2efd9dff694cf8e0af40925"));
+            assert_eq!(iv, hex!("b2d02d78b2efd9dff694cf8e0af40925"));
         }
         other => panic!("unexpected encryption scheme: {:?}", other),
     }
@@ -164,7 +164,7 @@ fn encrypt_ed25519_der_encpriv_aes256_pbkdf2_sha256() {
     let pbes2_params = pkcs5::pbes2::Parameters::pbkdf2_sha256_aes256cbc(
         2048,
         &hex!("79d982e70df91a88"),
-        &hex!("b2d02d78b2efd9dff694cf8e0af40925"),
+        hex!("b2d02d78b2efd9dff694cf8e0af40925"),
     )
     .unwrap();
 
@@ -185,7 +185,7 @@ fn encrypt_ed25519_der_encpriv_aes256_scrypt() {
     let scrypt_params = pkcs5::pbes2::Parameters::scrypt_aes256cbc(
         pkcs5::scrypt::Params::new(15, 8, 1, 32).unwrap(),
         &hex!("E6211E2348AD69E0"),
-        &hex!("9BD0A6251F2254F9FD5963887C27CF01"),
+        hex!("9BD0A6251F2254F9FD5963887C27CF01"),
     )
     .unwrap();