diff options
| author | Divy Srivastava <dj.srivastava23@gmail.com> | 2023-10-30 08:25:12 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-10-30 16:25:12 +0100 |
| commit | 02cc37e05494e576ea8e120b9fe21b447da9546b (patch) | |
| tree | 746651ad336b663dd21923749d57db9313060c9e /ext/crypto | |
| parent | f3b580d001cfed0c6df55c5be3f89b4e58719421 (diff) | |
chore: upgrade rsa to 0.9 (#21016)
Diffstat (limited to 'ext/crypto')
| -rw-r--r-- | ext/crypto/00_crypto.js | 1 | ||||
| -rw-r--r-- | ext/crypto/decrypt.rs | 26 | ||||
| -rw-r--r-- | ext/crypto/ed25519.rs | 18 | ||||
| -rw-r--r-- | ext/crypto/encrypt.rs | 27 | ||||
| -rw-r--r-- | ext/crypto/export_key.rs | 20 | ||||
| -rw-r--r-- | ext/crypto/import_key.rs | 41 | ||||
| -rw-r--r-- | ext/crypto/lib.rs | 87 | ||||
| -rw-r--r-- | ext/crypto/shared.rs | 2 | ||||
| -rw-r--r-- | ext/crypto/x25519.rs | 18 |
9 files changed, 142 insertions, 98 deletions
diff --git a/ext/crypto/00_crypto.js b/ext/crypto/00_crypto.js index de4ad07e1..7e1fac49f 100644 --- a/ext/crypto/00_crypto.js +++ b/ext/crypto/00_crypto.js @@ -1313,6 +1313,7 @@ class SubtleCrypto { algorithm: "RSA-PSS", hash: hashAlgorithm, signature, + saltLength: normalizedAlgorithm.saltLength, }, data); } case "HMAC": { diff --git a/ext/crypto/decrypt.rs b/ext/crypto/decrypt.rs index 551f33972..1532d4328 100644 --- a/ext/crypto/decrypt.rs +++ b/ext/crypto/decrypt.rs @@ -24,9 +24,7 @@ use deno_core::unsync::spawn_blocking; use deno_core::JsBuffer; use deno_core::ToJsBuffer; use rsa::pkcs1::DecodeRsaPrivateKey; -use rsa::PaddingScheme; use serde::Deserialize; -use sha1::Digest; use sha1::Sha1; use sha2::Sha256; use sha2::Sha384; @@ -117,24 +115,24 @@ fn decrypt_rsa_oaep( let label = Some(String::from_utf8_lossy(&label).to_string()); let padding = match hash { - ShaHash::Sha1 => PaddingScheme::OAEP { - digest: Box::new(Sha1::new()), - mgf_digest: Box::new(Sha1::new()), + ShaHash::Sha1 => rsa::Oaep { + digest: Box::<Sha1>::default(), + mgf_digest: Box::<Sha1>::default(), label, }, - ShaHash::Sha256 => PaddingScheme::OAEP { - digest: Box::new(Sha256::new()), - mgf_digest: Box::new(Sha256::new()), + ShaHash::Sha256 => rsa::Oaep { + digest: Box::<Sha256>::default(), + mgf_digest: Box::<Sha256>::default(), label, }, - ShaHash::Sha384 => PaddingScheme::OAEP { - digest: Box::new(Sha384::new()), - mgf_digest: Box::new(Sha384::new()), + ShaHash::Sha384 => rsa::Oaep { + digest: Box::<Sha384>::default(), + mgf_digest: Box::<Sha384>::default(), label, }, - ShaHash::Sha512 => PaddingScheme::OAEP { - digest: Box::new(Sha512::new()), - mgf_digest: Box::new(Sha512::new()), + ShaHash::Sha512 => rsa::Oaep { + digest: Box::<Sha512>::default(), + mgf_digest: Box::<Sha512>::default(), label, }, }; diff --git a/ext/crypto/ed25519.rs b/ext/crypto/ed25519.rs index e2a0ce408..874eb74b0 100644 --- a/ext/crypto/ed25519.rs +++ b/ext/crypto/ed25519.rs @@ -2,6 +2,7 @@ use base64::prelude::BASE64_URL_SAFE_NO_PAD; use base64::Engine; +use deno_core::error::custom_error; use deno_core::error::AnyError; use deno_core::op2; use deno_core::ToJsBuffer; @@ -123,7 +124,14 @@ pub fn op_crypto_export_spki_ed25519( }, subject_public_key: pubkey, }; - Ok(key_info.to_vec()?.into()) + Ok( + key_info + .to_vec() + .map_err(|_| { + custom_error("DOMExceptionOperationError", "Failed to export key") + })? + .into(), + ) } #[op2] @@ -131,10 +139,12 @@ pub fn op_crypto_export_spki_ed25519( pub fn op_crypto_export_pkcs8_ed25519( #[buffer] pkey: &[u8], ) -> Result<ToJsBuffer, AnyError> { + use rsa::pkcs1::der::Encode; + // This should probably use OneAsymmetricKey instead let pk_info = rsa::pkcs8::PrivateKeyInfo { public_key: None, - algorithm: rsa::pkcs8::AlgorithmIdentifier { + algorithm: rsa::pkcs8::AlgorithmIdentifierRef { // id-Ed25519 oid: ED25519_OID, parameters: None, @@ -142,7 +152,9 @@ pub fn op_crypto_export_pkcs8_ed25519( private_key: pkey, // OCTET STRING }; - Ok(pk_info.to_vec()?.into()) + let mut buf = Vec::new(); + pk_info.encode_to_vec(&mut buf)?; + Ok(buf.into()) } // 'x' from Section 2 of RFC 8037 diff --git a/ext/crypto/encrypt.rs b/ext/crypto/encrypt.rs index b263873e4..b5eef46dc 100644 --- a/ext/crypto/encrypt.rs +++ b/ext/crypto/encrypt.rs @@ -24,10 +24,7 @@ use deno_core::JsBuffer; use deno_core::ToJsBuffer; use rand::rngs::OsRng; use rsa::pkcs1::DecodeRsaPublicKey; -use rsa::PaddingScheme; -use rsa::PublicKey; use serde::Deserialize; -use sha1::Digest; use sha1::Sha1; use sha2::Sha256; use sha2::Sha384; @@ -119,24 +116,24 @@ fn encrypt_rsa_oaep( .map_err(|_| operation_error("failed to decode public key"))?; let mut rng = OsRng; let padding = match hash { - ShaHash::Sha1 => PaddingScheme::OAEP { - digest: Box::new(Sha1::new()), - mgf_digest: Box::new(Sha1::new()), + ShaHash::Sha1 => rsa::Oaep { + digest: Box::<Sha1>::default(), + mgf_digest: Box::<Sha1>::default(), label: Some(label), }, - ShaHash::Sha256 => PaddingScheme::OAEP { - digest: Box::new(Sha256::new()), - mgf_digest: Box::new(Sha256::new()), + ShaHash::Sha256 => rsa::Oaep { + digest: Box::<Sha256>::default(), + mgf_digest: Box::<Sha256>::default(), label: Some(label), }, - ShaHash::Sha384 => PaddingScheme::OAEP { - digest: Box::new(Sha384::new()), - mgf_digest: Box::new(Sha384::new()), + ShaHash::Sha384 => rsa::Oaep { + digest: Box::<Sha384>::default(), + mgf_digest: Box::<Sha384>::default(), label: Some(label), }, - ShaHash::Sha512 => PaddingScheme::OAEP { - digest: Box::new(Sha512::new()), - mgf_digest: Box::new(Sha512::new()), + ShaHash::Sha512 => rsa::Oaep { + digest: Box::<Sha512>::default(), + mgf_digest: Box::<Sha512>::default(), label: Some(label), }, }; diff --git a/ext/crypto/export_key.rs b/ext/crypto/export_key.rs index a34c40402..4ba30fbaa 100644 --- a/ext/crypto/export_key.rs +++ b/ext/crypto/export_key.rs @@ -10,12 +10,12 @@ use deno_core::op2; use deno_core::ToJsBuffer; use elliptic_curve::sec1::ToEncodedPoint; use p256::pkcs8::DecodePrivateKey; -use rsa::pkcs1::UIntRef; +use rsa::pkcs1::der::Decode; +use rsa::pkcs8::der::asn1::UintRef; +use rsa::pkcs8::der::Encode; use serde::Deserialize; use serde::Serialize; use spki::der::asn1; -use spki::der::Decode; -use spki::der::Encode; use spki::AlgorithmIdentifier; use crate::shared::*; @@ -112,7 +112,7 @@ pub fn op_crypto_export_key( } } -fn uint_to_b64(bytes: UIntRef) -> String { +fn uint_to_b64(bytes: UintRef) -> String { BASE64_URL_SAFE_NO_PAD.encode(bytes.as_bytes()) } @@ -126,6 +126,7 @@ fn export_key_rsa( ) -> Result<ExportKeyResult, deno_core::anyhow::Error> { match format { ExportKeyFormat::Spki => { + use spki::der::Encode; let subject_public_key = &key_data.as_rsa_public_key()?; // the SPKI structure @@ -158,18 +159,21 @@ fn export_key_rsa( let pk_info = rsa::pkcs8::PrivateKeyInfo { public_key: None, - algorithm: rsa::pkcs8::AlgorithmIdentifier { + algorithm: rsa::pkcs8::AlgorithmIdentifierRef { // rsaEncryption(1) oid: rsa::pkcs8::ObjectIdentifier::new_unwrap("1.2.840.113549.1.1.1"), // parameters field should not be omitted (None). // It MUST have ASN.1 type NULL as per defined in RFC 3279 Section 2.3.1 - parameters: Some(asn1::AnyRef::from(asn1::Null)), + parameters: Some(rsa::pkcs8::der::asn1::AnyRef::from( + rsa::pkcs8::der::asn1::Null, + )), }, private_key, }; // Infallible because we know the private key is valid. - let pkcs8_der = pk_info.to_vec().unwrap(); + let mut pkcs8_der = Vec::new(); + pk_info.encode_to_vec(&mut pkcs8_der)?; Ok(ExportKeyResult::Pkcs8(pkcs8_der.into())) } @@ -255,6 +259,8 @@ fn export_key_ec( Ok(ExportKeyResult::Raw(subject_public_key.into())) } ExportKeyFormat::Spki => { + use spki::der::Encode; + let subject_public_key = match named_curve { EcNamedCurve::P256 => { let point = key_data.as_ec_public_key_p256()?; diff --git a/ext/crypto/import_key.rs b/ext/crypto/import_key.rs index 8ef73a8c4..5f7c214ea 100644 --- a/ext/crypto/import_key.rs +++ b/ext/crypto/import_key.rs @@ -8,11 +8,11 @@ use deno_core::ToJsBuffer; use elliptic_curve::pkcs8::PrivateKeyInfo; use p256::pkcs8::EncodePrivateKey; use ring::signature::EcdsaKeyPair; -use rsa::pkcs1::UIntRef; +use rsa::pkcs1::UintRef; +use rsa::pkcs8::der::Encode; use serde::Deserialize; use serde::Serialize; use spki::der::Decode; -use spki::der::Encode; use crate::key::CryptoNamedCurve; use crate::shared::*; @@ -121,7 +121,7 @@ macro_rules! jwt_b64_int_or_err { let bytes = BASE64_URL_SAFE_FORGIVING .decode($b64) .map_err(|_| data_error($err))?; - let $name = UIntRef::new(&bytes).map_err(|_| data_error($err))?; + let $name = UintRef::new(&bytes).map_err(|_| data_error($err))?; }; } @@ -138,9 +138,11 @@ fn import_key_rsa_jwk( public_exponent, }; - let data = public_key - .to_vec() + let mut data = Vec::new(); + public_key + .encode_to_vec(&mut data) .map_err(|_| data_error("invalid rsa public key"))?; + let public_exponent = public_key.public_exponent.as_bytes().to_vec().into(); let modulus_length = public_key.modulus.as_bytes().len() * 8; @@ -182,8 +184,9 @@ fn import_key_rsa_jwk( other_prime_infos: None, }; - let data = private_key - .to_vec() + let mut data = Vec::new(); + private_key + .encode_to_vec(&mut data) .map_err(|_| data_error("invalid rsa private key"))?; let public_exponent = @@ -203,6 +206,8 @@ fn import_key_rsa_jwk( fn import_key_rsassa( key_data: KeyData, ) -> Result<ImportKeyResult, deno_core::anyhow::Error> { + use rsa::pkcs1::der::Decode; + match key_data { KeyData::Spki(data) => { // 2-3. @@ -227,7 +232,7 @@ fn import_key_rsassa( .map_err(|e| data_error(e.to_string()))?; if bytes_consumed - != spki::der::Length::new(pk_info.subject_public_key.len() as u16) + != rsa::pkcs1::der::Length::new(pk_info.subject_public_key.len() as u16) { return Err(data_error("public key is invalid (too long)")); } @@ -266,7 +271,7 @@ fn import_key_rsassa( .map_err(|e| data_error(e.to_string()))?; if bytes_consumed - != spki::der::Length::new(pk_info.private_key.len() as u16) + != rsa::pkcs1::der::Length::new(pk_info.private_key.len() as u16) { return Err(data_error("private key is invalid (too long)")); } @@ -292,6 +297,8 @@ fn import_key_rsassa( fn import_key_rsapss( key_data: KeyData, ) -> Result<ImportKeyResult, deno_core::anyhow::Error> { + use rsa::pkcs1::der::Decode; + match key_data { KeyData::Spki(data) => { // 2-3. @@ -316,7 +323,7 @@ fn import_key_rsapss( .map_err(|e| data_error(e.to_string()))?; if bytes_consumed - != spki::der::Length::new(pk_info.subject_public_key.len() as u16) + != rsa::pkcs1::der::Length::new(pk_info.subject_public_key.len() as u16) { return Err(data_error("public key is invalid (too long)")); } @@ -355,7 +362,7 @@ fn import_key_rsapss( .map_err(|e| data_error(e.to_string()))?; if bytes_consumed - != spki::der::Length::new(pk_info.private_key.len() as u16) + != rsa::pkcs1::der::Length::new(pk_info.private_key.len() as u16) { return Err(data_error("private key is invalid (too long)")); } @@ -381,6 +388,8 @@ fn import_key_rsapss( fn import_key_rsaoaep( key_data: KeyData, ) -> Result<ImportKeyResult, deno_core::anyhow::Error> { + use rsa::pkcs1::der::Decode; + match key_data { KeyData::Spki(data) => { // 2-3. @@ -405,7 +414,7 @@ fn import_key_rsaoaep( .map_err(|e| data_error(e.to_string()))?; if bytes_consumed - != spki::der::Length::new(pk_info.subject_public_key.len() as u16) + != rsa::pkcs1::der::Length::new(pk_info.subject_public_key.len() as u16) { return Err(data_error("public key is invalid (too long)")); } @@ -444,7 +453,7 @@ fn import_key_rsaoaep( .map_err(|e| data_error(e.to_string()))?; if bytes_consumed - != spki::der::Length::new(pk_info.private_key.len() as u16) + != rsa::pkcs1::der::Length::new(pk_info.private_key.len() as u16) { return Err(data_error("private key is invalid (too long)")); } @@ -534,13 +543,15 @@ fn import_key_ec_jwk( let d = decode_b64url_to_field_bytes::<p256::NistP256>(&d)?; let pk = p256::SecretKey::from_be_bytes(&d)?; - pk.to_pkcs8_der()? + pk.to_pkcs8_der() + .map_err(|_| data_error("invalid JWK private key"))? } EcNamedCurve::P384 => { let d = decode_b64url_to_field_bytes::<p384::NistP384>(&d)?; let pk = p384::SecretKey::from_be_bytes(&d)?; - pk.to_pkcs8_der()? + pk.to_pkcs8_der() + .map_err(|_| data_error("invalid JWK private key"))? } EcNamedCurve::P521 => { return Err(data_error("Unsupported named curve")) diff --git a/ext/crypto/lib.rs b/ext/crypto/lib.rs index 87b9702ce..4666c54ac 100644 --- a/ext/crypto/lib.rs +++ b/ext/crypto/lib.rs @@ -38,15 +38,18 @@ use ring::signature::EcdsaVerificationAlgorithm; use ring::signature::KeyPair; use rsa::pkcs1::DecodeRsaPrivateKey; use rsa::pkcs1::DecodeRsaPublicKey; +use rsa::signature::SignatureEncoding; +use rsa::signature::Signer; +use rsa::signature::Verifier; +use rsa::traits::SignatureScheme; +use rsa::Pss; use rsa::RsaPrivateKey; use rsa::RsaPublicKey; use sha1::Sha1; +use sha2::Digest; use sha2::Sha256; use sha2::Sha384; use sha2::Sha512; -use signature::RandomizedSigner; -use signature::Signer; -use signature::Verifier; use std::num::NonZeroU32; use std::path::PathBuf; @@ -207,26 +210,25 @@ pub async fn op_crypto_sign_key( .ok_or_else(|| type_error("Missing argument hash".to_string()))? { CryptoHash::Sha1 => { - let signing_key = SigningKey::<Sha1>::new_with_prefix(private_key); + let signing_key = SigningKey::<Sha1>::new(private_key); signing_key.sign(data) } CryptoHash::Sha256 => { - let signing_key = SigningKey::<Sha256>::new_with_prefix(private_key); + let signing_key = SigningKey::<Sha256>::new(private_key); signing_key.sign(data) } CryptoHash::Sha384 => { - let signing_key = SigningKey::<Sha384>::new_with_prefix(private_key); + let signing_key = SigningKey::<Sha384>::new(private_key); signing_key.sign(data) } CryptoHash::Sha512 => { - let signing_key = SigningKey::<Sha512>::new_with_prefix(private_key); + let signing_key = SigningKey::<Sha512>::new(private_key); signing_key.sign(data) } } .to_vec() } Algorithm::RsaPss => { - use rsa::pss::SigningKey; let private_key = RsaPrivateKey::from_pkcs1_der(&args.key.data)?; let salt_len = args @@ -234,30 +236,30 @@ pub async fn op_crypto_sign_key( .ok_or_else(|| type_error("Missing argument saltLength".to_string()))? as usize; - let rng = OsRng; + let mut rng = OsRng; match args .hash .ok_or_else(|| type_error("Missing argument hash".to_string()))? { CryptoHash::Sha1 => { - let signing_key = - SigningKey::<Sha1>::new_with_salt_len(private_key, salt_len); - signing_key.sign_with_rng(rng, data) + let signing_key = Pss::new_with_salt::<Sha1>(salt_len); + let hashed = Sha1::digest(data); + signing_key.sign(Some(&mut rng), &private_key, &hashed)? } CryptoHash::Sha256 => { - let signing_key = - SigningKey::<Sha256>::new_with_salt_len(private_key, salt_len); - signing_key.sign_with_rng(rng, data) + let signing_key = Pss::new_with_salt::<Sha256>(salt_len); + let hashed = Sha256::digest(data); + signing_key.sign(Some(&mut rng), &private_key, &hashed)? } CryptoHash::Sha384 => { - let signing_key = - SigningKey::<Sha384>::new_with_salt_len(private_key, salt_len); - signing_key.sign_with_rng(rng, data) + let signing_key = Pss::new_with_salt::<Sha384>(salt_len); + let hashed = Sha384::digest(data); + signing_key.sign(Some(&mut rng), &private_key, &hashed)? } CryptoHash::Sha512 => { - let signing_key = - SigningKey::<Sha512>::new_with_salt_len(private_key, salt_len); - signing_key.sign_with_rng(rng, data) + let signing_key = Pss::new_with_salt::<Sha512>(salt_len); + let hashed = Sha512::digest(data); + signing_key.sign(Some(&mut rng), &private_key, &hashed)? } } .to_vec() @@ -301,6 +303,7 @@ pub async fn op_crypto_sign_key( pub struct VerifyArg { key: KeyData, algorithm: Algorithm, + salt_length: Option<u32>, hash: Option<CryptoHash>, signature: JsBuffer, named_curve: Option<CryptoNamedCurve>, @@ -319,57 +322,61 @@ pub async fn op_crypto_verify_key( use rsa::pkcs1v15::Signature; use rsa::pkcs1v15::VerifyingKey; let public_key = read_rsa_public_key(args.key)?; - let signature: Signature = args.signature.to_vec().into(); + let signature: Signature = args.signature.as_ref().try_into()?; match args .hash .ok_or_else(|| type_error("Missing argument hash".to_string()))? { CryptoHash::Sha1 => { - let verifying_key = VerifyingKey::<Sha1>::new_with_prefix(public_key); + let verifying_key = VerifyingKey::<Sha1>::new(public_key); verifying_key.verify(data, &signature).is_ok() } CryptoHash::Sha256 => { - let verifying_key = - VerifyingKey::<Sha256>::new_with_prefix(public_key); + let verifying_key = VerifyingKey::<Sha256>::new(public_key); verifying_key.verify(data, &signature).is_ok() } CryptoHash::Sha384 => { - let verifying_key = - VerifyingKey::<Sha384>::new_with_prefix(public_key); + let verifying_key = VerifyingKey::<Sha384>::new(public_key); verifying_key.verify(data, &signature).is_ok() } CryptoHash::Sha512 => { - let verifying_key = - VerifyingKey::<Sha512>::new_with_prefix(public_key); + let verifying_key = VerifyingKey::<Sha512>::new(public_key); verifying_key.verify(data, &signature).is_ok() } } } Algorithm::RsaPss => { - use rsa::pss::Signature; - use rsa::pss::VerifyingKey; let public_key = read_rsa_public_key(args.key)?; - let signature: Signature = args.signature.to_vec().into(); + let signature = args.signature.as_ref(); + + let salt_len = args + .salt_length + .ok_or_else(|| type_error("Missing argument saltLength".to_string()))? + as usize; match args .hash .ok_or_else(|| type_error("Missing argument hash".to_string()))? { CryptoHash::Sha1 => { - let verifying_key: VerifyingKey<Sha1> = public_key.into(); - verifying_key.verify(data, &signature).is_ok() + let pss = Pss::new_with_salt::<Sha1>(salt_len); + let hashed = Sha1::digest(data); + pss.verify(&public_key, &hashed, signature).is_ok() } CryptoHash::Sha256 => { - let verifying_key: VerifyingKey<Sha256> = public_key.into(); - verifying_key.verify(data, &signature).is_ok() + let pss = Pss::new_with_salt::<Sha256>(salt_len); + let hashed = Sha256::digest(data); + pss.verify(&public_key, &hashed, signature).is_ok() } CryptoHash::Sha384 => { - let verifying_key: VerifyingKey<Sha384> = public_key.into(); - verifying_key.verify(data, &signature).is_ok() + let pss = Pss::new_with_salt::<Sha384>(salt_len); + let hashed = Sha384::digest(data); + pss.verify(&public_key, &hashed, signature).is_ok() } CryptoHash::Sha512 => { - let verifying_key: VerifyingKey<Sha512> = public_key.into(); - verifying_key.verify(data, &signature).is_ok() + let pss = Pss::new_with_salt::<Sha512>(salt_len); + let hashed = Sha512::digest(data); + pss.verify(&public_key, &hashed, signature).is_ok() } } } diff --git a/ext/crypto/shared.rs b/ext/crypto/shared.rs index 109f51fa1..fdbdb23d9 100644 --- a/ext/crypto/shared.rs +++ b/ext/crypto/shared.rs @@ -8,9 +8,9 @@ use deno_core::error::AnyError; use deno_core::JsBuffer; use deno_core::ToJsBuffer; use elliptic_curve::sec1::ToEncodedPoint; +use p256::pkcs8::DecodePrivateKey; use rsa::pkcs1::DecodeRsaPrivateKey; use rsa::pkcs1::EncodeRsaPublicKey; -use rsa::pkcs8::DecodePrivateKey; use rsa::RsaPrivateKey; use serde::Deserialize; use serde::Serialize; diff --git a/ext/crypto/x25519.rs b/ext/crypto/x25519.rs index c2842aceb..8090f2880 100644 --- a/ext/crypto/x25519.rs +++ b/ext/crypto/x25519.rs @@ -1,6 +1,7 @@ // Copyright 2018-2023 the Deno authors. All rights reserved. MIT license. use curve25519_dalek::montgomery::MontgomeryPoint; +use deno_core::error::custom_error; use deno_core::error::AnyError; use deno_core::op2; use deno_core::ToJsBuffer; @@ -120,7 +121,14 @@ pub fn op_crypto_export_spki_x25519( }, subject_public_key: pubkey, }; - Ok(key_info.to_vec()?.into()) + Ok( + key_info + .to_vec() + .map_err(|_| { + custom_error("DOMExceptionOperationError", "Failed to export key") + })? + .into(), + ) } #[op2] @@ -128,10 +136,12 @@ pub fn op_crypto_export_spki_x25519( pub fn op_crypto_export_pkcs8_x25519( #[buffer] pkey: &[u8], ) -> Result<ToJsBuffer, AnyError> { + use rsa::pkcs1::der::Encode; + // This should probably use OneAsymmetricKey instead let pk_info = rsa::pkcs8::PrivateKeyInfo { public_key: None, - algorithm: rsa::pkcs8::AlgorithmIdentifier { + algorithm: rsa::pkcs8::AlgorithmIdentifierRef { // id-X25519 oid: X25519_OID, parameters: None, @@ -139,5 +149,7 @@ pub fn op_crypto_export_pkcs8_x25519( private_key: pkey, // OCTET STRING }; - Ok(pk_info.to_vec()?.into()) + let mut buf = Vec::new(); + pk_info.encode_to_vec(&mut buf)?; + Ok(buf.into()) } |