Use AlgorithmIdentifier values from rustls-pki-types

Cargo.toml

@@ -54,8 +54,6 @@ include = [
     "src/verify_cert.rs",
     "src/lib.rs",
 
-    "src/data/**/*",
-
     "tests/**",
 ]
 
@@ -82,7 +80,7 @@ std = ["alloc", "pki-types/std"]
 
 [dependencies]
 aws-lc-rs = { version = "1.9", optional = true, default-features = false }
-pki-types = { package = "rustls-pki-types", version = "1.7", default-features = false }
+pki-types = { package = "rustls-pki-types", version = "1.11", default-features = false }
 ring = { version = "0.17", default-features = false, optional = true }
 untrusted = "0.9"
 

src/aws_lc_rs_algs.rs

@@ -1,7 +1,5 @@
 use aws_lc_rs::{signature, try_fips_mode};
-use pki_types::{AlgorithmIdentifier, InvalidSignature, SignatureVerificationAlgorithm};
-
-use crate::signed_data::alg_id;
+use pki_types::{alg_id, AlgorithmIdentifier, InvalidSignature, SignatureVerificationAlgorithm};
 
 // nb. aws-lc-rs has an API that is broadly compatible with *ring*,
 // so this is very similar to ring_algs.rs.

src/lib.rs

@@ -81,7 +81,6 @@ pub use {
     end_entity::EndEntityCert,
     error::{DerTypeId, Error, InvalidNameContext},
     rpk_entity::RawPublicKeyEntity,
-    signed_data::alg_id,
     trust_anchor::anchor_from_trusted_cert,
     verify_cert::KeyUsage,
     verify_cert::VerifiedPath,

src/ring_algs.rs

@@ -12,11 +12,9 @@
 // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-use pki_types::{AlgorithmIdentifier, InvalidSignature, SignatureVerificationAlgorithm};
+use pki_types::{alg_id, AlgorithmIdentifier, InvalidSignature, SignatureVerificationAlgorithm};
 use ring::signature;
 
-use crate::signed_data::alg_id;
-
 /// A `SignatureVerificationAlgorithm` implemented using *ring*.
 #[derive(Debug)]
 struct RingAlgorithm {

src/signed_data.rs

@@ -16,7 +16,7 @@ use crate::der::{self, FromDer};
 use crate::error::{DerTypeId, Error};
 use crate::verify_cert::Budget;
 
-use pki_types::{AlgorithmIdentifier, SignatureVerificationAlgorithm};
+use pki_types::SignatureVerificationAlgorithm;
 
 #[cfg(feature = "alloc")]
 use alloc::vec::Vec;
@@ -249,81 +249,3 @@ impl<'a> FromDer<'a> for SubjectPublicKeyInfo<'a> {
 
     const TYPE_ID: DerTypeId = DerTypeId::SubjectPublicKeyInfo;
 }
-
-/// Encodings of the PKIX AlgorithmIdentifier type.
-///
-/// This module contains a set of common values, and exists to keep the
-/// names of these separate from the actual algorithm implementations.
-pub mod alg_id {
-    use super::AlgorithmIdentifier;
-
-    // See src/data/README.md.
-
-    /// AlgorithmIdentifier for `id-ecPublicKey` with named curve `secp256r1`.
-    pub const ECDSA_P256: AlgorithmIdentifier =
-        AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-p256.der"));
-
-    /// AlgorithmIdentifier for `id-ecPublicKey` with named curve `secp384r1`.
-    pub const ECDSA_P384: AlgorithmIdentifier =
-        AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-p384.der"));
-
-    /// AlgorithmIdentifier for `id-ecPublicKey` with named curve `secp521r1`.
-    pub const ECDSA_P521: AlgorithmIdentifier =
-        AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-p521.der"));
-
-    /// AlgorithmIdentifier for `ecdsa-with-SHA256`.
-    pub const ECDSA_SHA256: AlgorithmIdentifier =
-        AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-sha256.der"));
-
-    /// AlgorithmIdentifier for `ecdsa-with-SHA384`.
-    pub const ECDSA_SHA384: AlgorithmIdentifier =
-        AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-sha384.der"));
-
-    /// AlgorithmIdentifier for `ecdsa-with-SHA512`.
-    pub const ECDSA_SHA512: AlgorithmIdentifier =
-        AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-sha512.der"));
-
-    /// AlgorithmIdentifier for `rsaEncryption`.
-    pub const RSA_ENCRYPTION: AlgorithmIdentifier =
-        AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-encryption.der"));
-
-    /// AlgorithmIdentifier for `sha256WithRSAEncryption`.
-    pub const RSA_PKCS1_SHA256: AlgorithmIdentifier =
-        AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-pkcs1-sha256.der"));
-
-    /// AlgorithmIdentifier for `sha384WithRSAEncryption`.
-    pub const RSA_PKCS1_SHA384: AlgorithmIdentifier =
-        AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-pkcs1-sha384.der"));
-
-    /// AlgorithmIdentifier for `sha512WithRSAEncryption`.
-    pub const RSA_PKCS1_SHA512: AlgorithmIdentifier =
-        AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-pkcs1-sha512.der"));
-
-    /// AlgorithmIdentifier for `rsassaPss` with:
-    ///
-    /// - hashAlgorithm: sha256
-    /// - maskGenAlgorithm: mgf1 with sha256
-    /// - saltLength: 32
-    pub const RSA_PSS_SHA256: AlgorithmIdentifier =
-        AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-pss-sha256.der"));
-
-    /// AlgorithmIdentifier for `rsassaPss` with:
-    ///
-    /// - hashAlgorithm: sha384
-    /// - maskGenAlgorithm: mgf1 with sha384
-    /// - saltLength: 48
-    pub const RSA_PSS_SHA384: AlgorithmIdentifier =
-        AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-pss-sha384.der"));
-
-    /// AlgorithmIdentifier for `rsassaPss` with:
-    ///
-    /// - hashAlgorithm: sha512
-    /// - maskGenAlgorithm: mgf1 with sha512
-    /// - saltLength: 64
-    pub const RSA_PSS_SHA512: AlgorithmIdentifier =
-        AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-pss-sha512.der"));
-
-    /// AlgorithmIdentifier for `ED25519`.
-    pub const ED25519: AlgorithmIdentifier =
-        AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ed25519.der"));
-}