From b68e461a74d04c03d779a7f5e30ddcecbdb4ec45 Mon Sep 17 00:00:00 2001
From: Daniel McCarney
Date: Tue, 19 Mar 2024 13:48:48 -0400
Subject: [PATCH 1/2] key_pair: emphasize PKCS8 in from pem & alg constructor

The `KeyPair::from_pem_and_sign_algo` fn expects PKCS8 formatted PEM as input. This commit renames the fn to `Keypair::from_pkcs8_pem_and_sign_algo` to emphasize this, and to pave the way for a more generalized fn to be added in the future.
---
 rcgen/src/key_pair.rs | 4 ++--
 rcgen/tests/openssl.rs | 3 ++-
 rcgen/tests/webpki.rs | 2 +-
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/rcgen/src/key_pair.rs b/rcgen/src/key_pair.rs
index ace1084f..4786c353 100644
--- a/rcgen/src/key_pair.rs
+++ b/rcgen/src/key_pair.rs
@@ -189,9 +189,9 @@ impl KeyPair {
 /// The key must be a DER-encoded plaintext private key; as specified in PKCS #8/RFC 5958;
 ///
 /// Appears as "PRIVATE KEY" in PEM files
- /// Same as [from_pem_and_sign_algo](Self::from_pem_and_sign_algo).
+ /// Same as [from_pkcs8_pem_and_sign_algo](Self::from_pkcs8_pem_and_sign_algo).
 #[cfg(all(feature = "pem", feature = "crypto"))]
- pub fn from_pem_and_sign_algo(
+ pub fn from_pkcs8_pem_and_sign_algo(
 pem_str: &str,
 alg: &'static SignatureAlgorithm,
 ) -> Result {
diff --git a/rcgen/tests/openssl.rs b/rcgen/tests/openssl.rs
index ee999623..ef497ceb 100644
--- a/rcgen/tests/openssl.rs
+++ b/rcgen/tests/openssl.rs
@@ -280,7 +280,8 @@ fn test_openssl_rsa_combinations_given() {
 ];
 for (i, alg) in alg_list.iter().enumerate() {
 let (params, _) = util::default_params();
- let key_pair = KeyPair::from_pem_and_sign_algo(util::RSA_TEST_KEY_PAIR_PEM, alg).unwrap();
+ let key_pair =
+ KeyPair::from_pkcs8_pem_and_sign_algo(util::RSA_TEST_KEY_PAIR_PEM, alg).unwrap();
 let cert = params.self_signed(&key_pair).unwrap();
 // Now verify the certificate.
diff --git a/rcgen/tests/webpki.rs b/rcgen/tests/webpki.rs
index a21f85d9..918635e5 100644
--- a/rcgen/tests/webpki.rs
+++ b/rcgen/tests/webpki.rs
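Review bot: In `rcgen/src/key_pair.rs`, the rewritten doc line `/// Same as [from_pkcs8_pem_and_sign_algo](Self::from_pkcs8_pem_and_sign_algo).` sits directly above `pub fn from_pkcs8_pem_and_sign_algo`, so the function's documentation links to itself and the "Same as" tells a reader nothing. The surrounding context also describes the input as "a DER-encoded plaintext private key" although this constructor takes a PEM string. Since the rename exists to make the accepted format explicit, the comment could say so directly, for example `/// Expects a PEM block labelled "PRIVATE KEY" that wraps an unencrypted PKCS #8 key.`, and point the cross-reference at the DER constructor (still `from_der_and_sign_algo` at this commit, renamed in PATCH 2/2). The doc comment starts above the hunk, so its opening lines are not visible here.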
@@ -249,7 +249,7 @@ fn test_webpki_rsa_combinations_given() {
 for c in configs {
 let (params, _) = util::default_params();
 let key_pair =
- rcgen::KeyPair::from_pem_and_sign_algo(util::RSA_TEST_KEY_PAIR_PEM, c.0).unwrap();
+ rcgen::KeyPair::from_pkcs8_pem_and_sign_algo(util::RSA_TEST_KEY_PAIR_PEM, c.0).unwrap();
 let cert = params.self_signed(&key_pair).unwrap();
 // Now verify the certificate.

From 921e6247ba98a0468d9fdb3c39d61338ec233859 Mon Sep 17 00:00:00 2001
From: Daniel McCarney
Date: Tue, 19 Mar 2024 13:50:41 -0400
Subject: [PATCH 2/2] key_pair: emphasize PKCS8 in from der & alg constructor

The `KeyPair::from_der_and_sign_algo` fn expects PKCS8 formatted DER as input. This commit renames the fn to `Keypair::from_pkcs8_der_and_sign_algo` to emphasize this, and to pave the way for a more generalized fn to be added in the future.
---
 rcgen/src/key_pair.rs | 4 ++--
 rustls-cert-gen/src/cert.rs | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/rcgen/src/key_pair.rs b/rcgen/src/key_pair.rs
index 4786c353..182f60a8 100644
--- a/rcgen/src/key_pair.rs
+++ b/rcgen/src/key_pair.rs
@@ -197,7 +197,7 @@ impl KeyPair {
 ) -> Result {
 let private_key = pem::parse(pem_str)._err()?;
 let private_key_der: &[_] = private_key.contents();
- Self::from_der_and_sign_algo(&PrivatePkcs8KeyDer::from(private_key_der), alg)
+ Self::from_pkcs8_der_and_sign_algo(&PrivatePkcs8KeyDer::from(private_key_der), alg)
 }
 /// Obtains the key pair from a DER formatted key using the specified [`SignatureAlgorithm`]
@@ -215,7 +215,7 @@ impl KeyPair {
 /// [`rustls_pemfile::private_key()`]: https://docs.rs/rustls-pemfile/latest/rustls_pemfile/fn.private_key.html
 /// [`PrivateKeyDer`]: https://docs.rs/rustls-pki-types/latest/rustls_pki_types/enum.PrivateKeyDer.html
 #[cfg(feature = "crypto")]
- pub fn from_der_and_sign_algo(
+ pub fn from_pkcs8_der_and_sign_algo(
 pkcs8: &PrivatePkcs8KeyDer<'_>,
 alg: &'static SignatureAlgorithm,
 ) -> Result {
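Review bot: In the `@@ -197,7 +197,7 @@` hunk of `rcgen/src/key_pair.rs`, `from_pkcs8_pem_and_sign_algo` passes `private_key.contents()` straight into `PrivatePkcs8KeyDer::from` without looking at the PEM label. In the lines shown, a block labelled `RSA PRIVATE KEY`, `ENCRYPTED PRIVATE KEY` or even `CERTIFICATE` is therefore treated as PKCS #8, and is presumably rejected only later, when the DER fails to parse. Now that the name promises PKCS #8, an explicit label check before the conversion, along the lines of `if private_key.tag() != "PRIVATE KEY" { /* return the crate's key-parse error */ }`, would give callers an unambiguous failure and keep the wrong kind of key material from reaching the key parser. The function's signature is above this hunk, and which error variant fits is a call for the maintainers.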
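Review bot: In the `@@ -215,7 +215,7 @@` hunk, the old public name `from_der_and_sign_algo` disappears in the same commit that introduces `from_pkcs8_der_and_sign_algo` (and likewise `from_pem_and_sign_algo` in PATCH 1/2), so every downstream caller stops compiling on upgrade. The three call sites patched in `rustls-cert-gen/src/cert.rs` show the effect inside this repository. If that break is not intended for the next release, a forwarding shim carrying `#[deprecated(note = "use from_pkcs8_der_and_sign_algo")]` would give users one release to migrate; if it is intended, it deserves a changelog line. The function body is outside the hunk.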
diff --git a/rustls-cert-gen/src/cert.rs b/rustls-cert-gen/src/cert.rs
index 141c3d86..14f13068 100644
--- a/rustls-cert-gen/src/cert.rs
+++ b/rustls-cert-gen/src/cert.rs
@@ -239,7 +239,7 @@ impl KeyPairAlgorithm {
 let pkcs8_bytes = Ed25519KeyPair::generate_pkcs8(&rng).or(Err(rcgen::Error::RingUnspecified))?;
- rcgen::KeyPair::from_der_and_sign_algo(&pkcs8_bytes.as_ref().into(), alg)
+ rcgen::KeyPair::from_pkcs8_der_and_sign_algo(&pkcs8_bytes.as_ref().into(), alg)
 },
 KeyPairAlgorithm::EcdsaP256 => {
 use ring::signature::EcdsaKeyPair;
@@ -250,7 +250,7 @@ impl KeyPairAlgorithm {
 let pkcs8_bytes = EcdsaKeyPair::generate_pkcs8(&ECDSA_P256_SHA256_ASN1_SIGNING, &rng)
 .or(Err(rcgen::Error::RingUnspecified))?;
- rcgen::KeyPair::from_der_and_sign_algo(&pkcs8_bytes.as_ref().into(), alg)
+ rcgen::KeyPair::from_pkcs8_der_and_sign_algo(&pkcs8_bytes.as_ref().into(), alg)
 },
 KeyPairAlgorithm::EcdsaP384 => {
 use ring::signature::EcdsaKeyPair;
@@ -262,7 +262,7 @@ impl KeyPairAlgorithm {
 EcdsaKeyPair::generate_pkcs8(&ECDSA_P384_SHA384_ASN1_SIGNING, &rng)
 .or(Err(rcgen::Error::RingUnspecified))?;
- rcgen::KeyPair::from_der_and_sign_algo(&pkcs8_bytes.as_ref().into(), alg)
+ rcgen::KeyPair::from_pkcs8_der_and_sign_algo(&pkcs8_bytes.as_ref().into(), alg)
 },
 }
 }