Implement PKCS#8 serialization using rust-asn1 for unencrypted keys (#13624)

Replace OpenSSL's private_key_to_pkcs8() with rust-asn1 serialization
for unencrypted PKCS#8 private keys. Supports RSA, EC, DSA, DH, Ed25519,
X25519, Ed448, and X448 key types.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude <[email protected]>

Author: alex

src/rust/cryptography-key-parsing/src/ec.rs

@@ -121,8 +121,14 @@ pub(crate) fn ec_params_to_group(
 
 pub fn serialize_pkcs1_private_key(
     ec: &openssl::ec::EcKeyRef<openssl::pkey::Private>,
+    include_curve: bool,
 ) -> KeySerializationResult<Vec<u8>> {
-    let curve_oid = group_to_curve_oid(ec.group()).expect("Unknown curve");
+    let parameters = if include_curve {
+        let curve_oid = group_to_curve_oid(ec.group()).expect("Unknown curve");
+        Some(EcParameters::NamedCurve(curve_oid))
+    } else {
+        None
+    };
 
     let private_key_bytes = ec.private_key().to_vec();
 
@@ -136,7 +142,7 @@ pub fn serialize_pkcs1_private_key(
     let key = EcPrivateKey {
         version: 1,
         private_key: &private_key_bytes,
-        parameters: Some(EcParameters::NamedCurve(curve_oid)),
+        parameters,
         public_key: Some(asn1::BitString::new(&public_key_bytes, 0).unwrap()),
     };
     Ok(asn1::write_single(&key)?)

src/rust/cryptography-key-parsing/src/lib.rs

@@ -12,6 +12,7 @@ pub mod pem;
 pub mod pkcs8;
 pub mod rsa;
 pub mod spki;
+pub(crate) mod utils;
 
 pub const MIN_DH_MODULUS_SIZE: u32 = 512;
 

src/rust/cryptography-key-parsing/src/pkcs8.rs

@@ -13,13 +13,13 @@ use crate::MIN_DH_MODULUS_SIZE;
 use crate::{ec, rsa, KeyParsingError, KeyParsingResult};
 
 // RFC 5208 Section 5
-#[derive(asn1::Asn1Read)]
-struct PrivateKeyInfo<'a> {
-    version: u8,
-    algorithm: AlgorithmIdentifier<'a>,
-    private_key: &'a [u8],
+#[derive(asn1::Asn1Read, asn1::Asn1Write)]
+pub struct PrivateKeyInfo<'a> {
+    pub version: u8,
+    pub algorithm: AlgorithmIdentifier<'a>,
+    pub private_key: &'a [u8],
     #[implicit(0)]
-    _attributes: Option<Attributes<'a>>,
+    pub attributes: Option<Attributes<'a>>,
 }
 
 pub fn parse_private_key(
@@ -331,3 +331,116 @@ pub fn parse_encrypted_private_key(
 
     parse_private_key(&plaintext)
 }
+
+pub fn serialize_private_key(
+    pkey: &openssl::pkey::PKeyRef<openssl::pkey::Private>,
+) -> crate::KeySerializationResult<Vec<u8>> {
+    let p_bytes;
+    let q_bytes;
+    let g_bytes;
+    let q_bytes_dh;
+
+    let (params, private_key_der) = if let Ok(rsa) = pkey.rsa() {
+        let pkcs1_der = rsa::serialize_pkcs1_private_key(&rsa)?;
+        (AlgorithmParameters::Rsa(Some(())), pkcs1_der)
+    } else if let Ok(ec) = pkey.ec_key() {
+        let curve_oid = ec::group_to_curve_oid(ec.group()).expect("Unknown curve");
+        let pkcs1_der = ec::serialize_pkcs1_private_key(&ec, false)?;
+        (
+            AlgorithmParameters::Ec(cryptography_x509::common::EcParameters::NamedCurve(
+                curve_oid,
+            )),
+            pkcs1_der,
+        )
+    } else if pkey.id() == openssl::pkey::Id::ED25519 {
+        let raw_bytes = pkey.raw_private_key()?;
+        let private_key_der = asn1::write_single(&raw_bytes.as_slice())?;
+        (AlgorithmParameters::Ed25519, private_key_der)
+    } else if pkey.id() == openssl::pkey::Id::X25519 {
+        let raw_bytes = pkey.raw_private_key()?;
+        let private_key_der = asn1::write_single(&raw_bytes.as_slice())?;
+        (AlgorithmParameters::X25519, private_key_der)
+    } else if crate::utils::is_ed448(pkey.id()) {
+        let raw_bytes = pkey.raw_private_key()?;
+        let private_key_der = asn1::write_single(&raw_bytes.as_slice())?;
+        (AlgorithmParameters::Ed448, private_key_der)
+    } else if crate::utils::is_x448(pkey.id()) {
+        let raw_bytes = pkey.raw_private_key()?;
+        let private_key_der = asn1::write_single(&raw_bytes.as_slice())?;
+        (AlgorithmParameters::X448, private_key_der)
+    } else if let Ok(dsa) = pkey.dsa() {
+        p_bytes = cryptography_openssl::utils::bn_to_big_endian_bytes(dsa.p())?;
+        q_bytes = cryptography_openssl::utils::bn_to_big_endian_bytes(dsa.q())?;
+        g_bytes = cryptography_openssl::utils::bn_to_big_endian_bytes(dsa.g())?;
+
+        let priv_key_bytes = cryptography_openssl::utils::bn_to_big_endian_bytes(dsa.priv_key())?;
+        let priv_key_int = asn1::BigUint::new(&priv_key_bytes).unwrap();
+        let private_key_der = asn1::write_single(&priv_key_int)?;
+
+        let dsa_params = cryptography_x509::common::DssParams {
+            p: asn1::BigUint::new(&p_bytes).unwrap(),
+            q: asn1::BigUint::new(&q_bytes).unwrap(),
+            g: asn1::BigUint::new(&g_bytes).unwrap(),
+        };
+
+        (AlgorithmParameters::Dsa(dsa_params), private_key_der)
+    } else if let Ok(dh) = pkey.dh() {
+        p_bytes = cryptography_openssl::utils::bn_to_big_endian_bytes(dh.prime_p())?;
+        g_bytes = cryptography_openssl::utils::bn_to_big_endian_bytes(dh.generator())?;
+        q_bytes_dh = dh
+            .prime_q()
+            .map(cryptography_openssl::utils::bn_to_big_endian_bytes)
+            .transpose()?;
+
+        let priv_key_bytes = cryptography_openssl::utils::bn_to_big_endian_bytes(dh.private_key())?;
+        let priv_key_int = asn1::BigUint::new(&priv_key_bytes).unwrap();
+        let private_key_der = asn1::write_single(&priv_key_int)?;
+
+        let params = if let Some(ref q_bytes) = q_bytes_dh {
+            let dhx_params = cryptography_x509::common::DHXParams {
+                p: asn1::BigUint::new(&p_bytes).unwrap(),
+                g: asn1::BigUint::new(&g_bytes).unwrap(),
+                q: asn1::BigUint::new(q_bytes).unwrap(),
+                j: None,
+                validation_params: None,
+            };
+            AlgorithmParameters::Dh(dhx_params)
+        } else {
+            let basic_params = cryptography_x509::common::BasicDHParams {
+                p: asn1::BigUint::new(&p_bytes).unwrap(),
+                g: asn1::BigUint::new(&g_bytes).unwrap(),
+                private_value_length: None,
+            };
+            AlgorithmParameters::DhKeyAgreement(basic_params)
+        };
+
+        (params, private_key_der)
+    } else {
+        unimplemented!("Unknown key type");
+    };
+
+    let pki = PrivateKeyInfo {
+        version: 0,
+        algorithm: AlgorithmIdentifier {
+            oid: asn1::DefinedByMarker::marker(),
+            params,
+        },
+        private_key: &private_key_der,
+        attributes: None,
+    };
+    Ok(asn1::write_single(&pki)?)
+}
+
+#[cfg(test)]
+mod tests {
+    use super::serialize_private_key;
+
+    #[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))]
+    #[test]
+    #[should_panic(expected = "Unknown key type")]
+    fn test_serialize_private_key_unknown_key_type() {
+        let pkey = openssl::pkey::PKey::hmac(&[0u8; 16]).unwrap();
+        // Expected to panic
+        _ = serialize_private_key(&pkey);
+    }
+}

src/rust/cryptography-key-parsing/src/spki.rs

@@ -106,38 +106,6 @@ pub fn parse_public_key(
     }
 }
 
-// these functions exist because you can't use conditional compilation easily
-// in `else if` chain.
-fn is_ed448(id: openssl::pkey::Id) -> bool {
-    cfg_if::cfg_if! {
-        if #[cfg(not(any(
-            CRYPTOGRAPHY_IS_LIBRESSL,
-            CRYPTOGRAPHY_IS_BORINGSSL,
-            CRYPTOGRAPHY_IS_AWSLC
-        )))] {
-            id == openssl::pkey::Id::ED448
-        } else {
-            _ = id;
-            false
-        }
-    }
-}
-
-fn is_x448(id: openssl::pkey::Id) -> bool {
-    cfg_if::cfg_if! {
-        if #[cfg(not(any(
-            CRYPTOGRAPHY_IS_LIBRESSL,
-            CRYPTOGRAPHY_IS_BORINGSSL,
-            CRYPTOGRAPHY_IS_AWSLC
-        )))] {
-            id == openssl::pkey::Id::X448
-        } else {
-            _ = id;
-            false
-        }
-    }
-}
-
 pub fn serialize_public_key(
     pkey: &openssl::pkey::PKeyRef<impl openssl::pkey::HasPublic>,
 ) -> KeySerializationResult<Vec<u8>> {
@@ -169,10 +137,10 @@ pub fn serialize_public_key(
     } else if pkey.id() == openssl::pkey::Id::X25519 {
         let raw_bytes = pkey.raw_public_key()?;
         (AlgorithmParameters::X25519, raw_bytes)
-    } else if is_ed448(pkey.id()) {
+    } else if crate::utils::is_ed448(pkey.id()) {
         let raw_bytes = pkey.raw_public_key()?;
         (AlgorithmParameters::Ed448, raw_bytes)
-    } else if is_x448(pkey.id()) {
+    } else if crate::utils::is_x448(pkey.id()) {
         let raw_bytes = pkey.raw_public_key()?;
         (AlgorithmParameters::X448, raw_bytes)
     } else if let Ok(dsa) = pkey.dsa() {

src/rust/cryptography-key-parsing/src/utils.rs

@@ -0,0 +1,33 @@
+// This file is dual licensed under the terms of the Apache License, Version
+// 2.0, and the BSD License. See the LICENSE file in the root of this repository
+// for complete details.
+
+pub(crate) fn is_ed448(id: openssl::pkey::Id) -> bool {
+    cfg_if::cfg_if! {
+        if #[cfg(not(any(
+            CRYPTOGRAPHY_IS_LIBRESSL,
+            CRYPTOGRAPHY_IS_BORINGSSL,
+            CRYPTOGRAPHY_IS_AWSLC
+        )))] {
+            id == openssl::pkey::Id::ED448
+        } else {
+            _ = id;
+            false
+        }
+    }
+}
+
+pub(crate) fn is_x448(id: openssl::pkey::Id) -> bool {
+    cfg_if::cfg_if! {
+        if #[cfg(not(any(
+            CRYPTOGRAPHY_IS_LIBRESSL,
+            CRYPTOGRAPHY_IS_BORINGSSL,
+            CRYPTOGRAPHY_IS_AWSLC
+        )))] {
+            id == openssl::pkey::Id::X448
+        } else {
+            _ = id;
+            false
+        }
+    }
+}

src/rust/src/backend/utils.rs

@@ -115,7 +115,10 @@ pub(crate) fn pkey_private_bytes<'p>(
 
     if format.is(&types::PRIVATE_FORMAT_PKCS8.get(py)?) {
         let (tag, der_bytes) = if password.is_empty() {
-            ("PRIVATE KEY", pkey.private_key_to_pkcs8()?)
+            (
+                "PRIVATE KEY",
+                cryptography_key_parsing::pkcs8::serialize_private_key(pkey)?,
+            )
         } else {
             (
                 "ENCRYPTED PRIVATE KEY",
@@ -178,7 +181,7 @@ pub(crate) fn pkey_private_bytes<'p>(
                 return Ok(pyo3::types::PyBytes::new(py, &der_bytes));
             }
         } else if let Ok(ec) = pkey.ec_key() {
-            let der_bytes = cryptography_key_parsing::ec::serialize_pkcs1_private_key(&ec)?;
+            let der_bytes = cryptography_key_parsing::ec::serialize_pkcs1_private_key(&ec, true)?;
             if encoding.is(&types::ENCODING_PEM.get(py)?) {
                 let pem_bytes = cryptography_key_parsing::pem::encrypt_pem(
                     "EC PRIVATE KEY",