Use AlgorithmIdentifier values from rustls-pki-types

This is a breaking change because we lose `rustls_webpki::alg_id`: it becomes available at `rustls_webpki::types::alg_id` instead.
rustls · Dec 23, 2024 · 4504902 · 4504902
1 parent d560602
commit 4504902
Show file tree

Hide file tree

Showing 20 changed files with 3 additions and 114 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -54,8 +54,6 @@ include = [
     "src/verify_cert.rs",
     "src/lib.rs",
 
-    "src/data/**/*",
-
     "tests/**",
 ]
 

diff --git a/src/aws_lc_rs_algs.rs b/src/aws_lc_rs_algs.rs
@@ -1,7 +1,5 @@
 use aws_lc_rs::{signature, try_fips_mode};
-use pki_types::{AlgorithmIdentifier, InvalidSignature, SignatureVerificationAlgorithm};
-
-use crate::signed_data::alg_id;
+use pki_types::{alg_id, AlgorithmIdentifier, InvalidSignature, SignatureVerificationAlgorithm};
 
 // nb. aws-lc-rs has an API that is broadly compatible with *ring*,
 // so this is very similar to ring_algs.rs.

diff --git a/src/data/README.md b/src/data/README.md
diff --git a/src/data/alg-ecdsa-p256.der b/src/data/alg-ecdsa-p256.der
diff --git a/src/data/alg-ecdsa-p384.der b/src/data/alg-ecdsa-p384.der
diff --git a/src/data/alg-ecdsa-p521.der b/src/data/alg-ecdsa-p521.der
diff --git a/src/data/alg-ecdsa-sha256.der b/src/data/alg-ecdsa-sha256.der
diff --git a/src/data/alg-ecdsa-sha384.der b/src/data/alg-ecdsa-sha384.der
diff --git a/src/data/alg-ecdsa-sha512.der b/src/data/alg-ecdsa-sha512.der
diff --git a/src/data/alg-ed25519.der b/src/data/alg-ed25519.der
diff --git a/src/data/alg-rsa-encryption.der b/src/data/alg-rsa-encryption.der
diff --git a/src/data/alg-rsa-pkcs1-sha256.der b/src/data/alg-rsa-pkcs1-sha256.der
diff --git a/src/data/alg-rsa-pkcs1-sha384.der b/src/data/alg-rsa-pkcs1-sha384.der
diff --git a/src/data/alg-rsa-pkcs1-sha512.der b/src/data/alg-rsa-pkcs1-sha512.der
diff --git a/src/data/alg-rsa-pss-sha256.der b/src/data/alg-rsa-pss-sha256.der
diff --git a/src/data/alg-rsa-pss-sha384.der b/src/data/alg-rsa-pss-sha384.der
diff --git a/src/data/alg-rsa-pss-sha512.der b/src/data/alg-rsa-pss-sha512.der
diff --git a/src/lib.rs b/src/lib.rs
@@ -81,7 +81,6 @@ pub use {
     end_entity::EndEntityCert,
     error::{DerTypeId, Error},
     rpk_entity::RawPublicKeyEntity,
-    signed_data::alg_id,
     trust_anchor::anchor_from_trusted_cert,
     verify_cert::KeyUsage,
     verify_cert::VerifiedPath,

diff --git a/src/ring_algs.rs b/src/ring_algs.rs
@@ -12,11 +12,9 @@
 // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-use pki_types::{AlgorithmIdentifier, InvalidSignature, SignatureVerificationAlgorithm};
+use pki_types::{alg_id, AlgorithmIdentifier, InvalidSignature, SignatureVerificationAlgorithm};
 use ring::signature;
 
-use crate::signed_data::alg_id;
-
 /// A `SignatureVerificationAlgorithm` implemented using *ring*.
 #[derive(Debug)]
 struct RingAlgorithm {

diff --git a/src/signed_data.rs b/src/signed_data.rs
@@ -16,7 +16,7 @@ use crate::der::{self, FromDer};
 use crate::error::{DerTypeId, Error};
 use crate::verify_cert::Budget;
 
-use pki_types::{AlgorithmIdentifier, SignatureVerificationAlgorithm};
+use pki_types::SignatureVerificationAlgorithm;
 
 #[cfg(feature = "alloc")]
 use alloc::vec::Vec;
@@ -249,81 +249,3 @@ impl<'a> FromDer<'a> for SubjectPublicKeyInfo<'a> {
 
     const TYPE_ID: DerTypeId = DerTypeId::SubjectPublicKeyInfo;
 }
-
-/// Encodings of the PKIX AlgorithmIdentifier type.
-///
-/// This module contains a set of common values, and exists to keep the
-/// names of these separate from the actual algorithm implementations.
-pub mod alg_id {
-    use super::AlgorithmIdentifier;
-
-    // See src/data/README.md.
-
-    /// AlgorithmIdentifier for `id-ecPublicKey` with named curve `secp256r1`.
-    pub const ECDSA_P256: AlgorithmIdentifier =
-        AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-p256.der"));
-
-    /// AlgorithmIdentifier for `id-ecPublicKey` with named curve `secp384r1`.
-    pub const ECDSA_P384: AlgorithmIdentifier =
-        AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-p384.der"));
-
-    /// AlgorithmIdentifier for `id-ecPublicKey` with named curve `secp521r1`.
-    pub const ECDSA_P521: AlgorithmIdentifier =
-        AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-p521.der"));
-
-    /// AlgorithmIdentifier for `ecdsa-with-SHA256`.
-    pub const ECDSA_SHA256: AlgorithmIdentifier =
-        AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-sha256.der"));
-
-    /// AlgorithmIdentifier for `ecdsa-with-SHA384`.
-    pub const ECDSA_SHA384: AlgorithmIdentifier =
-        AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-sha384.der"));
-
-    /// AlgorithmIdentifier for `ecdsa-with-SHA512`.
-    pub const ECDSA_SHA512: AlgorithmIdentifier =
-        AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ecdsa-sha512.der"));
-
-    /// AlgorithmIdentifier for `rsaEncryption`.
-    pub const RSA_ENCRYPTION: AlgorithmIdentifier =
-        AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-encryption.der"));
-
-    /// AlgorithmIdentifier for `sha256WithRSAEncryption`.
-    pub const RSA_PKCS1_SHA256: AlgorithmIdentifier =
-        AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-pkcs1-sha256.der"));
-
-    /// AlgorithmIdentifier for `sha384WithRSAEncryption`.
-    pub const RSA_PKCS1_SHA384: AlgorithmIdentifier =
-        AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-pkcs1-sha384.der"));
-
-    /// AlgorithmIdentifier for `sha512WithRSAEncryption`.
-    pub const RSA_PKCS1_SHA512: AlgorithmIdentifier =
-        AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-pkcs1-sha512.der"));
-
-    /// AlgorithmIdentifier for `rsassaPss` with:
-    ///
-    /// - hashAlgorithm: sha256
-    /// - maskGenAlgorithm: mgf1 with sha256
-    /// - saltLength: 32
-    pub const RSA_PSS_SHA256: AlgorithmIdentifier =
-        AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-pss-sha256.der"));
-
-    /// AlgorithmIdentifier for `rsassaPss` with:
-    ///
-    /// - hashAlgorithm: sha384
-    /// - maskGenAlgorithm: mgf1 with sha384
-    /// - saltLength: 48
-    pub const RSA_PSS_SHA384: AlgorithmIdentifier =
-        AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-pss-sha384.der"));
-
-    /// AlgorithmIdentifier for `rsassaPss` with:
-    ///
-    /// - hashAlgorithm: sha512
-    /// - maskGenAlgorithm: mgf1 with sha512
-    /// - saltLength: 64
-    pub const RSA_PSS_SHA512: AlgorithmIdentifier =
-        AlgorithmIdentifier::from_slice(include_bytes!("data/alg-rsa-pss-sha512.der"));
-
-    /// AlgorithmIdentifier for `ED25519`.
-    pub const ED25519: AlgorithmIdentifier =
-        AlgorithmIdentifier::from_slice(include_bytes!("data/alg-ed25519.der"));
-}