RustCrypto · tarcieri · Feb 28, 2023 · Feb 28, 2023
diff --git a/.github/workflows/elliptic-curve.yml b/.github/workflows/elliptic-curve.yml
@@ -24,7 +24,7 @@ jobs:
     strategy:
       matrix:
         rust:
-          - 1.61.0 # MSRV
+          - 1.65.0 # MSRV
           - stable
         target:
           - thumbv7em-none-eabi
@@ -79,7 +79,7 @@ jobs:
     strategy:
       matrix:
         rust:
-          - 1.61.0 # MSRV
+          - 1.65.0 # MSRV
           - stable
           - nightly
     steps:

diff --git a/elliptic-curve/Cargo.lock b/elliptic-curve/Cargo.lock
diff --git a/elliptic-curve/Cargo.toml b/elliptic-curve/Cargo.toml
@@ -13,12 +13,12 @@ readme = "README.md"
 categories = ["cryptography", "no-std"]
 keywords = ["crypto", "ecc", "elliptic", "weierstrass"]
 edition = "2021"
-rust-version = "1.61"
+rust-version = "1.65"
 
 [dependencies]
 base16ct = "0.1.1"
-crypto-bigint = { version = "=0.5.0-pre.3", default-features = false, features = ["rand_core", "generic-array", "zeroize"] }
-generic-array = { version = "0.14", default-features = false }
+crypto-bigint = { version = "0.5", default-features = false, features = ["rand_core", "generic-array", "zeroize"] }
+generic-array = { version = "0.14.6", default-features = false, features = ["zeroize"] }
 rand_core = { version = "0.6.4", default-features = false }
 subtle = { version = "2", default-features = false }
 zeroize = { version = "1.5", default-features = false }
@@ -30,10 +30,10 @@ ff = { version = "0.13", optional = true, default-features = false }
 group = { version = "0.13", optional = true, default-features = false }
 hkdf = { version = "0.12", optional = true, default-features = false }
 hex-literal = { version = "0.3", optional = true }
-pem-rfc7468 = { version = "0.6", optional = true }
-pkcs8 = { version = "0.9", optional = true, default-features = false }
-sec1 = { version = "0.3", optional = true, features = ["subtle", "zeroize"] }
-serdect = { version = "0.1", optional = true, default-features = false, features = ["alloc"] }
+pem-rfc7468 = { version = "0.7", optional = true }
+pkcs8 = { version = "0.10", optional = true, default-features = false }
+sec1 = { version = "0.7.1", optional = true, features = ["subtle", "zeroize"] }
+serdect = { version = "0.2", optional = true, default-features = false, features = ["alloc"] }
 serde_json = { version = "1", optional = true, default-features = false, features = ["alloc"] }
 
 [dev-dependencies]
@@ -59,7 +59,7 @@ std = [
 
 arithmetic = ["group"]
 bits = ["arithmetic", "ff/bits"]
-dev = ["arithmetic", "hex-literal", "pem", "pkcs8"]
+dev = ["arithmetic", "dep:hex-literal", "pem", "pkcs8"]
 hash2curve = ["arithmetic", "digest"]
 ecdh = ["arithmetic", "digest", "hkdf"]
 group = ["dep:group", "ff"]

diff --git a/elliptic-curve/README.md b/elliptic-curve/README.md
@@ -15,7 +15,7 @@ and public/secret keys composed thereof.
 
 ## Minimum Supported Rust Version
 
-Requires Rust **1.61** or higher.
+Requires Rust **1.65** or higher.
 
 Minimum supported Rust version can be changed in the future, but it will be
 done with a minor version bump.
@@ -49,6 +49,6 @@ dual licensed as above, without any additional terms or conditions.
 [build-image]: https://github.com/RustCrypto/traits/actions/workflows/elliptic-curve.yml/badge.svg
 [build-link]: https://github.com/RustCrypto/traits/actions/workflows/elliptic-curve.yml
 [license-image]: https://img.shields.io/badge/license-Apache2.0/MIT-blue.svg
-[rustc-image]: https://img.shields.io/badge/rustc-1.61+-blue.svg
+[rustc-image]: https://img.shields.io/badge/rustc-1.65+-blue.svg
 [chat-image]: https://img.shields.io/badge/zulip-join_chat-blue.svg
 [chat-link]: https://rustcrypto.zulipchat.com/#narrow/stream/260040-elliptic-curves
diff --git a/elliptic-curve/src/public_key.rs b/elliptic-curve/src/public_key.rs
@@ -35,10 +35,13 @@ use alloc::string::{String, ToString};
 #[cfg(feature = "serde")]
 use serdect::serde::{de, ser, Deserialize, Serialize};
 
+#[cfg(any(feature = "pem", feature = "serde"))]
+use pkcs8::DecodePublicKey;
+
 #[cfg(all(feature = "sec1", feature = "pkcs8"))]
 use {
     crate::{
-        pkcs8::{self, AssociatedOid, DecodePublicKey},
+        pkcs8::{self, AssociatedOid},
         ALGORITHM_OID,
     },
     pkcs8::der,
@@ -339,30 +342,27 @@ where
 }
 
 #[cfg(all(feature = "pkcs8", feature = "sec1"))]
-impl<C> TryFrom<pkcs8::SubjectPublicKeyInfo<'_>> for PublicKey<C>
+impl<C> TryFrom<pkcs8::SubjectPublicKeyInfoRef<'_>> for PublicKey<C>
 where
     C: AssociatedOid + CurveArithmetic,
     AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
     FieldBytesSize<C>: ModulusSize,
 {
     type Error = pkcs8::spki::Error;
 
-    fn try_from(spki: pkcs8::SubjectPublicKeyInfo<'_>) -> pkcs8::spki::Result<Self> {
+    fn try_from(spki: pkcs8::SubjectPublicKeyInfoRef<'_>) -> pkcs8::spki::Result<Self> {
         spki.algorithm.assert_oids(ALGORITHM_OID, C::OID)?;
-        Self::from_sec1_bytes(spki.subject_public_key)
+
+        let public_key_bytes = spki
+            .subject_public_key
+            .as_bytes()
+            .ok_or_else(|| der::Tag::BitString.value_error())?;
+
+        Self::from_sec1_bytes(public_key_bytes)
             .map_err(|_| der::Tag::BitString.value_error().into())
     }
 }
 
-#[cfg(all(feature = "pkcs8", feature = "sec1"))]
-impl<C> DecodePublicKey for PublicKey<C>
-where
-    C: AssociatedOid + CurveArithmetic,
-    AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
-    FieldBytesSize<C>: ModulusSize,
-{
-}
-
 #[cfg(all(feature = "alloc", feature = "pkcs8"))]
 impl<C> EncodePublicKey for PublicKey<C>
 where
@@ -371,16 +371,17 @@ where
     FieldBytesSize<C>: ModulusSize,
 {
     fn to_public_key_der(&self) -> pkcs8::spki::Result<der::Document> {
-        let algorithm = pkcs8::AlgorithmIdentifier {
+        let algorithm = pkcs8::AlgorithmIdentifierRef {
             oid: ALGORITHM_OID,
             parameters: Some((&C::OID).into()),
         };
 
         let public_key_bytes = self.to_encoded_point(false);
+        let subject_public_key = der::asn1::BitStringRef::new(0, public_key_bytes.as_bytes())?;
 
-        pkcs8::SubjectPublicKeyInfo {
+        pkcs8::SubjectPublicKeyInfoRef {
             algorithm,
-            subject_public_key: public_key_bytes.as_ref(),
+            subject_public_key,
         }
         .try_into()
     }

diff --git a/elliptic-curve/src/secret_key.rs b/elliptic-curve/src/secret_key.rs
@@ -190,8 +190,7 @@ where
         AffinePoint<C>: FromEncodedPoint<C> + ToEncodedPoint<C>,
         FieldBytesSize<C>: ModulusSize,
     {
-        // TODO(tarcieri): wrap `secret_key_bytes` in `Zeroizing`
-        let mut private_key_bytes = self.to_bytes();
+        let private_key_bytes = Zeroizing::new(self.to_bytes());
         let public_key_bytes = self.public_key().to_encoded_point(false);
 
         let ec_private_key = Zeroizing::new(
@@ -200,12 +199,9 @@ where
                 parameters: None,
                 public_key: Some(public_key_bytes.as_bytes()),
             }
-            .to_vec()?,
+            .to_der()?,
         );
 
-        // TODO(tarcieri): wrap `private_key_bytes` in `Zeroizing`
-        private_key_bytes.zeroize();
-
         Ok(ec_private_key)
     }
 

diff --git a/elliptic-curve/src/secret_key/pkcs8.rs b/elliptic-curve/src/secret_key/pkcs8.rs
@@ -2,7 +2,7 @@
 
 use super::SecretKey;
 use crate::{
-    pkcs8::{self, der::Decode, AssociatedOid, DecodePrivateKey},
+    pkcs8::{self, der::Decode, AssociatedOid},
     sec1::{ModulusSize, ValidatePublicKey},
     Curve, FieldBytesSize, ALGORITHM_OID,
 };
@@ -23,6 +23,7 @@ use {
 use {
     crate::{error::Error, Result},
     core::str::FromStr,
+    pkcs8::DecodePrivateKey,
 };
 
 impl<C> TryFrom<pkcs8::PrivateKeyInfo<'_>> for SecretKey<C>
@@ -42,13 +43,6 @@ where
     }
 }
 
-impl<C> DecodePrivateKey for SecretKey<C>
-where
-    C: Curve + AssociatedOid + ValidatePublicKey,
-    FieldBytesSize<C>: ModulusSize,
-{
-}
-
 #[cfg(all(feature = "alloc", feature = "arithmetic"))]
 impl<C> EncodePrivateKey for SecretKey<C>
 where
@@ -57,7 +51,7 @@ where
     FieldBytesSize<C>: ModulusSize,
 {
     fn to_pkcs8_der(&self) -> pkcs8::Result<der::SecretDocument> {
-        let algorithm_identifier = pkcs8::AlgorithmIdentifier {
+        let algorithm_identifier = pkcs8::AlgorithmIdentifierRef {
             oid: ALGORITHM_OID,
             parameters: Some((&C::OID).into()),
         };

diff --git a/elliptic-curve/tests/pkcs8.rs b/elliptic-curve/tests/pkcs8.rs
@@ -31,6 +31,7 @@ fn example_private_key() -> der::SecretDocument {
 
 #[test]
 fn decode_pkcs8_private_key_from_der() {
+    dbg!(example_private_key().as_bytes());
     let secret_key = SecretKey::from_pkcs8_der(example_private_key().as_bytes()).unwrap();
     assert_eq!(secret_key.to_bytes().as_slice(), &EXAMPLE_SCALAR);
 }