Add support of Octet String and X509 bytes encoding (#255) #256
Codecov Report
Attention:
Additional details and impacted files
@@ Coverage Diff @@
## main #256 +/- ##
==========================================
+ Coverage 95.65% 95.74% +0.08%
==========================================
Files 57 58 +1
Lines 7759 7983 +224
==========================================
+ Hits 7422 7643 +221
- Misses 337 340 +3
This is exposing taking different encodings as a new parameter and function (new_with_encoding) rather than adding a new new_with_x509 creation function, like that PR did (once):
fn from_private_key_der(alg: &'static EcdsaSigningAlgorithm, key: &[u8]) -> Result<Self, KeyRejected>;
I think generally speaking either is fine but it is a slight deviation. I think in most cases the caller is going to know for sure what they have so adding extra functions in the public API for different encodings rather than having an Encoding struct + constants might be cleaner.
But, no strong opinions.
Will change.
Address Mark's review comments at aws#256
Address Mark's 2nd round of review comments at aws#256
Computes the public key in X509 format from the private key used for key agreement.
Fix doc per Mark's feedback
Move Encoding and EncodingID from agreement.rs to public_key.rs so they can be reused in both signature::UnparsedPublicKey and agreement::UnparsedPublicKey
Move evp_pkey_from_x509_pubkey from ec.rs to public_key.rs as it can be reused for not only EC public keys but also RSA public keys.
I've stashed this PR's contents at https://github.com/aws/aws-lc-rs/tree/hansonchar/main-x509 until we have time to review this work as part of the broader service teams' requirements.
Issues:
Addresses #255
Description of changes:
Currently only octet string encoding is supported for the input peer public key for key agreement. This makes it difficult to interoperate with other platforms such as Java where the public key is output in X509 encoding. This change supports the input of peer public key in both Octet String and X509 encoding for key agreement purposes.
Call-outs:
Currently the output bytes of an EC public key from aws-lc-rs is always in octet string encoding. It should also provide the API to output the public key in X509 DER encoding as an option. Will however address this in a separate issue and PR.
Testing:
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.
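The two peer-key encodings discussed in this PR, shown byte by byte for P-256 as an added example that is not code from the PR or from aws-lc-rs. It uses only the standard library; `PeerKeyEncoding`, `KeyFormatError`, `p256_point` and `p256_point_to_x509` are hypothetical names, and it assumes the X509 form carries a named-curve, uncompressed point.

```rust
// Added example: std-only, P-256 only. All names are hypothetical, not aws-lc-rs API.

/// DER header of a P-256 SubjectPublicKeyInfo: SEQUENCE { SEQUENCE { OID ecPublicKey,
/// OID prime256v1 }, BIT STRING with 0 unused bits }. The 65-byte point follows it.
const P256_SPKI_PREFIX: [u8; 26] = [
    0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01,
    0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00,
];
const P256_POINT_LEN: usize = 65; // 0x04 || X (32 bytes) || Y (32 bytes)

#[derive(Debug, PartialEq, Clone, Copy)]
pub enum PeerKeyEncoding { OctetString, X509 }

#[derive(Debug, PartialEq)]
pub enum KeyFormatError { BadLength, BadSpkiHeader, NotUncompressedPoint }

/// Returns the uncompressed point from a peer key whose encoding the caller declares.
/// Only the framing is checked; on-curve validation is left to the crypto library.
pub fn p256_point(bytes: &[u8], enc: PeerKeyEncoding) -> Result<&[u8], KeyFormatError> {
    let point = match enc {
        PeerKeyEncoding::OctetString => bytes,
        PeerKeyEncoding::X509 => {
            if bytes.len() != P256_SPKI_PREFIX.len() + P256_POINT_LEN {
                return Err(KeyFormatError::BadLength);
            }
            let (header, point) = bytes.split_at(P256_SPKI_PREFIX.len());
            if header != &P256_SPKI_PREFIX[..] { return Err(KeyFormatError::BadSpkiHeader); }
            point
        }
    };
    if point.len() != P256_POINT_LEN { return Err(KeyFormatError::BadLength); }
    if point[0] != 0x04 { return Err(KeyFormatError::NotUncompressedPoint); }
    Ok(point)
}

/// Wraps an uncompressed point in the X509 (SubjectPublicKeyInfo) framing.
pub fn p256_point_to_x509(point: &[u8]) -> Result<Vec<u8>, KeyFormatError> {
    let point = p256_point(point, PeerKeyEncoding::OctetString)?;
    Ok([&P256_SPKI_PREFIX[..], point].concat())
}

fn main() {
    // Constructed sample: correct framing, placeholder coordinates (not a real curve point).
    let mut raw = vec![0x04u8];
    raw.extend_from_slice(&[0x11; 64]);
    let der = p256_point_to_x509(&raw).unwrap();
    println!("octet string: {} bytes, X509: {} bytes", raw.len(), der.len());
    println!("X509 passed as octet string: {:?}", p256_point(&der, PeerKeyEncoding::OctetString));
}
```

A key handed over under the wrong encoding label is rejected on framing alone, so the mismatch is caught before any bytes are interpreted as curve coordinates.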