Skip to content

Commit ed23465

Browse files
alexalex
authored
refactor key serialization code to use matches (#13627)
1 parent 3391f09 commit ed23465

File tree

3 files changed

+199
-164
lines changed

3 files changed

+199
-164
lines changed

src/rust/cryptography-key-parsing/src/pkcs8.rs

Lines changed: 98 additions & 72 deletions
Original file line numberDiff line numberDiff line change
@@ -340,83 +340,109 @@ pub fn serialize_private_key(
340340
let g_bytes;
341341
let q_bytes_dh;
342342

343-
let (params, private_key_der) = if let Ok(rsa) = pkey.rsa() {
344-
let pkcs1_der = rsa::serialize_pkcs1_private_key(&rsa)?;
345-
(AlgorithmParameters::Rsa(Some(())), pkcs1_der)
346-
} else if let Ok(ec) = pkey.ec_key() {
347-
let curve_oid = ec::group_to_curve_oid(ec.group()).expect("Unknown curve");
348-
let pkcs1_der = ec::serialize_pkcs1_private_key(&ec, false)?;
349-
(
350-
AlgorithmParameters::Ec(cryptography_x509::common::EcParameters::NamedCurve(
351-
curve_oid,
352-
)),
353-
pkcs1_der,
354-
)
355-
} else if pkey.id() == openssl::pkey::Id::ED25519 {
356-
let raw_bytes = pkey.raw_private_key()?;
357-
let private_key_der = asn1::write_single(&raw_bytes.as_slice())?;
358-
(AlgorithmParameters::Ed25519, private_key_der)
359-
} else if pkey.id() == openssl::pkey::Id::X25519 {
360-
let raw_bytes = pkey.raw_private_key()?;
361-
let private_key_der = asn1::write_single(&raw_bytes.as_slice())?;
362-
(AlgorithmParameters::X25519, private_key_der)
363-
} else if crate::utils::is_ed448(pkey.id()) {
364-
let raw_bytes = pkey.raw_private_key()?;
365-
let private_key_der = asn1::write_single(&raw_bytes.as_slice())?;
366-
(AlgorithmParameters::Ed448, private_key_der)
367-
} else if crate::utils::is_x448(pkey.id()) {
368-
let raw_bytes = pkey.raw_private_key()?;
369-
let private_key_der = asn1::write_single(&raw_bytes.as_slice())?;
370-
(AlgorithmParameters::X448, private_key_der)
371-
} else if let Ok(dsa) = pkey.dsa() {
372-
p_bytes = cryptography_openssl::utils::bn_to_big_endian_bytes(dsa.p())?;
373-
q_bytes = cryptography_openssl::utils::bn_to_big_endian_bytes(dsa.q())?;
374-
g_bytes = cryptography_openssl::utils::bn_to_big_endian_bytes(dsa.g())?;
375-
376-
let priv_key_bytes = cryptography_openssl::utils::bn_to_big_endian_bytes(dsa.priv_key())?;
377-
let priv_key_int = asn1::BigUint::new(&priv_key_bytes).unwrap();
378-
let private_key_der = asn1::write_single(&priv_key_int)?;
379-
380-
let dsa_params = cryptography_x509::common::DssParams {
381-
p: asn1::BigUint::new(&p_bytes).unwrap(),
382-
q: asn1::BigUint::new(&q_bytes).unwrap(),
383-
g: asn1::BigUint::new(&g_bytes).unwrap(),
384-
};
385-
386-
(AlgorithmParameters::Dsa(dsa_params), private_key_der)
387-
} else if let Ok(dh) = pkey.dh() {
388-
p_bytes = cryptography_openssl::utils::bn_to_big_endian_bytes(dh.prime_p())?;
389-
g_bytes = cryptography_openssl::utils::bn_to_big_endian_bytes(dh.generator())?;
390-
q_bytes_dh = dh
391-
.prime_q()
392-
.map(cryptography_openssl::utils::bn_to_big_endian_bytes)
393-
.transpose()?;
394-
395-
let priv_key_bytes = cryptography_openssl::utils::bn_to_big_endian_bytes(dh.private_key())?;
396-
let priv_key_int = asn1::BigUint::new(&priv_key_bytes).unwrap();
397-
let private_key_der = asn1::write_single(&priv_key_int)?;
398-
399-
let params = if let Some(ref q_bytes) = q_bytes_dh {
400-
let dhx_params = cryptography_x509::common::DHXParams {
343+
let (params, private_key_der) = match pkey.id() {
344+
openssl::pkey::Id::RSA => {
345+
let rsa = pkey.rsa()?;
346+
let pkcs1_der = rsa::serialize_pkcs1_private_key(&rsa)?;
347+
(AlgorithmParameters::Rsa(Some(())), pkcs1_der)
348+
}
349+
openssl::pkey::Id::EC => {
350+
let ec = pkey.ec_key()?;
351+
let curve_oid = ec::group_to_curve_oid(ec.group()).expect("Unknown curve");
352+
let pkcs1_der = ec::serialize_pkcs1_private_key(&ec, false)?;
353+
(
354+
AlgorithmParameters::Ec(cryptography_x509::common::EcParameters::NamedCurve(
355+
curve_oid,
356+
)),
357+
pkcs1_der,
358+
)
359+
}
360+
openssl::pkey::Id::ED25519 => {
361+
let raw_bytes = pkey.raw_private_key()?;
362+
let private_key_der = asn1::write_single(&raw_bytes.as_slice())?;
363+
(AlgorithmParameters::Ed25519, private_key_der)
364+
}
365+
openssl::pkey::Id::X25519 => {
366+
let raw_bytes = pkey.raw_private_key()?;
367+
let private_key_der = asn1::write_single(&raw_bytes.as_slice())?;
368+
(AlgorithmParameters::X25519, private_key_der)
369+
}
370+
#[cfg(not(any(
371+
CRYPTOGRAPHY_IS_LIBRESSL,
372+
CRYPTOGRAPHY_IS_BORINGSSL,
373+
CRYPTOGRAPHY_IS_AWSLC
374+
)))]
375+
openssl::pkey::Id::ED448 => {
376+
let raw_bytes = pkey.raw_private_key()?;
377+
let private_key_der = asn1::write_single(&raw_bytes.as_slice())?;
378+
(AlgorithmParameters::Ed448, private_key_der)
379+
}
380+
#[cfg(not(any(
381+
CRYPTOGRAPHY_IS_LIBRESSL,
382+
CRYPTOGRAPHY_IS_BORINGSSL,
383+
CRYPTOGRAPHY_IS_AWSLC
384+
)))]
385+
openssl::pkey::Id::X448 => {
386+
let raw_bytes = pkey.raw_private_key()?;
387+
let private_key_der = asn1::write_single(&raw_bytes.as_slice())?;
388+
(AlgorithmParameters::X448, private_key_der)
389+
}
390+
openssl::pkey::Id::DSA => {
391+
let dsa = pkey.dsa()?;
392+
p_bytes = cryptography_openssl::utils::bn_to_big_endian_bytes(dsa.p())?;
393+
q_bytes = cryptography_openssl::utils::bn_to_big_endian_bytes(dsa.q())?;
394+
g_bytes = cryptography_openssl::utils::bn_to_big_endian_bytes(dsa.g())?;
395+
396+
let priv_key_bytes =
397+
cryptography_openssl::utils::bn_to_big_endian_bytes(dsa.priv_key())?;
398+
let priv_key_int = asn1::BigUint::new(&priv_key_bytes).unwrap();
399+
let private_key_der = asn1::write_single(&priv_key_int)?;
400+
401+
let dsa_params = cryptography_x509::common::DssParams {
401402
p: asn1::BigUint::new(&p_bytes).unwrap(),
403+
q: asn1::BigUint::new(&q_bytes).unwrap(),
402404
g: asn1::BigUint::new(&g_bytes).unwrap(),
403-
q: asn1::BigUint::new(q_bytes).unwrap(),
404-
j: None,
405-
validation_params: None,
406405
};
407-
AlgorithmParameters::Dh(dhx_params)
408-
} else {
409-
let basic_params = cryptography_x509::common::BasicDHParams {
410-
p: asn1::BigUint::new(&p_bytes).unwrap(),
411-
g: asn1::BigUint::new(&g_bytes).unwrap(),
412-
private_value_length: None,
406+
407+
(AlgorithmParameters::Dsa(dsa_params), private_key_der)
408+
}
409+
id if crate::utils::is_dh(id) => {
410+
let dh = pkey.dh()?;
411+
p_bytes = cryptography_openssl::utils::bn_to_big_endian_bytes(dh.prime_p())?;
412+
g_bytes = cryptography_openssl::utils::bn_to_big_endian_bytes(dh.generator())?;
413+
q_bytes_dh = dh
414+
.prime_q()
415+
.map(cryptography_openssl::utils::bn_to_big_endian_bytes)
416+
.transpose()?;
417+
418+
let priv_key_bytes =
419+
cryptography_openssl::utils::bn_to_big_endian_bytes(dh.private_key())?;
420+
let priv_key_int = asn1::BigUint::new(&priv_key_bytes).unwrap();
421+
let private_key_der = asn1::write_single(&priv_key_int)?;
422+
423+
let params = if let Some(ref q_bytes) = q_bytes_dh {
424+
let dhx_params = cryptography_x509::common::DHXParams {
425+
p: asn1::BigUint::new(&p_bytes).unwrap(),
426+
g: asn1::BigUint::new(&g_bytes).unwrap(),
427+
q: asn1::BigUint::new(q_bytes).unwrap(),
428+
j: None,
429+
validation_params: None,
430+
};
431+
AlgorithmParameters::Dh(dhx_params)
432+
} else {
433+
let basic_params = cryptography_x509::common::BasicDHParams {
434+
p: asn1::BigUint::new(&p_bytes).unwrap(),
435+
g: asn1::BigUint::new(&g_bytes).unwrap(),
436+
private_value_length: None,
437+
};
438+
AlgorithmParameters::DhKeyAgreement(basic_params)
413439
};
414-
AlgorithmParameters::DhKeyAgreement(basic_params)
415-
};
416440

417-
(params, private_key_der)
418-
} else {
419-
unimplemented!("Unknown key type");
441+
(params, private_key_der)
442+
}
443+
_ => {
444+
unimplemented!("Unknown key type");
445+
}
420446
};
421447

422448
let pki = PrivateKeyInfo {

src/rust/cryptography-key-parsing/src/spki.rs

Lines changed: 98 additions & 73 deletions
Original file line numberDiff line numberDiff line change
@@ -114,84 +114,109 @@ pub fn serialize_public_key(
114114
let g_bytes;
115115
let q_bytes_opt: Option<Vec<u8>>;
116116

117-
let (params, public_key_bytes) = if let Ok(rsa) = pkey.rsa() {
118-
let pkcs1_der = crate::rsa::serialize_pkcs1_public_key(&rsa)?;
119-
(AlgorithmParameters::Rsa(Some(())), pkcs1_der)
120-
} else if let Ok(ec) = pkey.ec_key() {
121-
let curve_oid = crate::ec::group_to_curve_oid(ec.group()).expect("Unknown curve");
122-
123-
let mut bn_ctx = openssl::bn::BigNumContext::new()?;
124-
let point_bytes = ec.public_key().to_bytes(
125-
ec.group(),
126-
openssl::ec::PointConversionForm::UNCOMPRESSED,
127-
&mut bn_ctx,
128-
)?;
129-
130-
(
131-
AlgorithmParameters::Ec(EcParameters::NamedCurve(curve_oid)),
132-
point_bytes,
133-
)
134-
} else if pkey.id() == openssl::pkey::Id::ED25519 {
135-
let raw_bytes = pkey.raw_public_key()?;
136-
(AlgorithmParameters::Ed25519, raw_bytes)
137-
} else if pkey.id() == openssl::pkey::Id::X25519 {
138-
let raw_bytes = pkey.raw_public_key()?;
139-
(AlgorithmParameters::X25519, raw_bytes)
140-
} else if crate::utils::is_ed448(pkey.id()) {
141-
let raw_bytes = pkey.raw_public_key()?;
142-
(AlgorithmParameters::Ed448, raw_bytes)
143-
} else if crate::utils::is_x448(pkey.id()) {
144-
let raw_bytes = pkey.raw_public_key()?;
145-
(AlgorithmParameters::X448, raw_bytes)
146-
} else if let Ok(dsa) = pkey.dsa() {
147-
p_bytes = cryptography_openssl::utils::bn_to_big_endian_bytes(dsa.p())?;
148-
q_bytes = cryptography_openssl::utils::bn_to_big_endian_bytes(dsa.q())?;
149-
g_bytes = cryptography_openssl::utils::bn_to_big_endian_bytes(dsa.g())?;
150-
let pub_key_bytes = cryptography_openssl::utils::bn_to_big_endian_bytes(dsa.pub_key())?;
151-
152-
let pub_key_int = asn1::BigUint::new(&pub_key_bytes).unwrap();
153-
let pub_key_der = asn1::write_single(&pub_key_int)?;
154-
155-
let dsa_params = DssParams {
156-
p: asn1::BigUint::new(&p_bytes).unwrap(),
157-
q: asn1::BigUint::new(&q_bytes).unwrap(),
158-
g: asn1::BigUint::new(&g_bytes).unwrap(),
159-
};
160-
161-
(AlgorithmParameters::Dsa(dsa_params), pub_key_der)
162-
} else if let Ok(dh) = pkey.dh() {
163-
p_bytes = cryptography_openssl::utils::bn_to_big_endian_bytes(dh.prime_p())?;
164-
g_bytes = cryptography_openssl::utils::bn_to_big_endian_bytes(dh.generator())?;
165-
q_bytes_opt = dh
166-
.prime_q()
167-
.map(cryptography_openssl::utils::bn_to_big_endian_bytes)
168-
.transpose()?;
169-
let pub_key_bytes = cryptography_openssl::utils::bn_to_big_endian_bytes(dh.public_key())?;
170-
171-
let pub_key_int = asn1::BigUint::new(&pub_key_bytes).unwrap();
172-
let pub_key_der = asn1::write_single(&pub_key_int)?;
173-
174-
let params = if let Some(ref q_bytes) = q_bytes_opt {
175-
let dhx_params = DHXParams {
117+
let (params, public_key_bytes) = match pkey.id() {
118+
openssl::pkey::Id::RSA => {
119+
let rsa = pkey.rsa()?;
120+
let pkcs1_der = crate::rsa::serialize_pkcs1_public_key(&rsa)?;
121+
(AlgorithmParameters::Rsa(Some(())), pkcs1_der)
122+
}
123+
openssl::pkey::Id::EC => {
124+
let ec = pkey.ec_key()?;
125+
let curve_oid = crate::ec::group_to_curve_oid(ec.group()).expect("Unknown curve");
126+
127+
let mut bn_ctx = openssl::bn::BigNumContext::new()?;
128+
let point_bytes = ec.public_key().to_bytes(
129+
ec.group(),
130+
openssl::ec::PointConversionForm::UNCOMPRESSED,
131+
&mut bn_ctx,
132+
)?;
133+
134+
(
135+
AlgorithmParameters::Ec(EcParameters::NamedCurve(curve_oid)),
136+
point_bytes,
137+
)
138+
}
139+
openssl::pkey::Id::ED25519 => {
140+
let raw_bytes = pkey.raw_public_key()?;
141+
(AlgorithmParameters::Ed25519, raw_bytes)
142+
}
143+
openssl::pkey::Id::X25519 => {
144+
let raw_bytes = pkey.raw_public_key()?;
145+
(AlgorithmParameters::X25519, raw_bytes)
146+
}
147+
#[cfg(not(any(
148+
CRYPTOGRAPHY_IS_LIBRESSL,
149+
CRYPTOGRAPHY_IS_BORINGSSL,
150+
CRYPTOGRAPHY_IS_AWSLC
151+
)))]
152+
openssl::pkey::Id::ED448 => {
153+
let raw_bytes = pkey.raw_public_key()?;
154+
(AlgorithmParameters::Ed448, raw_bytes)
155+
}
156+
#[cfg(not(any(
157+
CRYPTOGRAPHY_IS_LIBRESSL,
158+
CRYPTOGRAPHY_IS_BORINGSSL,
159+
CRYPTOGRAPHY_IS_AWSLC
160+
)))]
161+
openssl::pkey::Id::X448 => {
162+
let raw_bytes = pkey.raw_public_key()?;
163+
(AlgorithmParameters::X448, raw_bytes)
164+
}
165+
openssl::pkey::Id::DSA => {
166+
let dsa = pkey.dsa()?;
167+
p_bytes = cryptography_openssl::utils::bn_to_big_endian_bytes(dsa.p())?;
168+
q_bytes = cryptography_openssl::utils::bn_to_big_endian_bytes(dsa.q())?;
169+
g_bytes = cryptography_openssl::utils::bn_to_big_endian_bytes(dsa.g())?;
170+
let pub_key_bytes = cryptography_openssl::utils::bn_to_big_endian_bytes(dsa.pub_key())?;
171+
172+
let pub_key_int = asn1::BigUint::new(&pub_key_bytes).unwrap();
173+
let pub_key_der = asn1::write_single(&pub_key_int)?;
174+
175+
let dsa_params = DssParams {
176176
p: asn1::BigUint::new(&p_bytes).unwrap(),
177+
q: asn1::BigUint::new(&q_bytes).unwrap(),
177178
g: asn1::BigUint::new(&g_bytes).unwrap(),
178-
q: asn1::BigUint::new(q_bytes).unwrap(),
179-
j: None,
180-
validation_params: None,
181179
};
182-
AlgorithmParameters::Dh(dhx_params)
183-
} else {
184-
let basic_params = BasicDHParams {
185-
p: asn1::BigUint::new(&p_bytes).unwrap(),
186-
g: asn1::BigUint::new(&g_bytes).unwrap(),
187-
private_value_length: None,
180+
181+
(AlgorithmParameters::Dsa(dsa_params), pub_key_der)
182+
}
183+
id if crate::utils::is_dh(id) => {
184+
let dh = pkey.dh()?;
185+
p_bytes = cryptography_openssl::utils::bn_to_big_endian_bytes(dh.prime_p())?;
186+
g_bytes = cryptography_openssl::utils::bn_to_big_endian_bytes(dh.generator())?;
187+
q_bytes_opt = dh
188+
.prime_q()
189+
.map(cryptography_openssl::utils::bn_to_big_endian_bytes)
190+
.transpose()?;
191+
let pub_key_bytes =
192+
cryptography_openssl::utils::bn_to_big_endian_bytes(dh.public_key())?;
193+
194+
let pub_key_int = asn1::BigUint::new(&pub_key_bytes).unwrap();
195+
let pub_key_der = asn1::write_single(&pub_key_int)?;
196+
197+
let params = if let Some(ref q_bytes) = q_bytes_opt {
198+
let dhx_params = DHXParams {
199+
p: asn1::BigUint::new(&p_bytes).unwrap(),
200+
g: asn1::BigUint::new(&g_bytes).unwrap(),
201+
q: asn1::BigUint::new(q_bytes).unwrap(),
202+
j: None,
203+
validation_params: None,
204+
};
205+
AlgorithmParameters::Dh(dhx_params)
206+
} else {
207+
let basic_params = BasicDHParams {
208+
p: asn1::BigUint::new(&p_bytes).unwrap(),
209+
g: asn1::BigUint::new(&g_bytes).unwrap(),
210+
private_value_length: None,
211+
};
212+
AlgorithmParameters::DhKeyAgreement(basic_params)
188213
};
189-
AlgorithmParameters::DhKeyAgreement(basic_params)
190-
};
191214

192-
(params, pub_key_der)
193-
} else {
194-
unimplemented!("Unknown key type");
215+
(params, pub_key_der)
216+
}
217+
_ => {
218+
unimplemented!("Unknown key type");
219+
}
195220
};
196221

197222
let spki = SubjectPublicKeyInfo {

0 commit comments

Comments
 (0)