Skip to content

Commit 84f7b56

Browse files
authored
elliptic-curve: fix SEC1 serialization (#1933)
It wasn't including the curve OID as `EcParameters`. Previously the logic for populating this field lived in the `sec1` crate. Since SEC1 needs a slightly different serialization than PKCS#8 (notably the latter hoists the curve OID onto `AlgorithmParameters` and omits it from the SEC1 `EcPrivateKey` this more or less reverts the PKCS#8 serialization logic to what it was before.
1 parent 4e66a74 commit 84f7b56

File tree

2 files changed

+14
-3
lines changed

2 files changed

+14
-3
lines changed

elliptic-curve/src/secret_key.rs

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -387,7 +387,7 @@ where
387387

388388
Ok(der::SecretDocument::encode_msg(&sec1::EcPrivateKey {
389389
private_key: &private_key_bytes,
390-
parameters: None,
390+
parameters: Some(C::OID.into()),
391391
public_key: Some(public_key_bytes.as_bytes()),
392392
})?)
393393
}

elliptic-curve/src/secret_key/pkcs8.rs

Lines changed: 13 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -18,8 +18,9 @@ use {
1818
},
1919
pkcs8::{
2020
EncodePrivateKey,
21-
der::{self, asn1::OctetStringRef},
21+
der::{self, Encode, asn1::OctetStringRef},
2222
},
23+
zeroize::Zeroizing,
2324
};
2425

2526
// Imports for actual PEM support
@@ -71,7 +72,17 @@ where
7172
parameters: Some((&C::OID).into()),
7273
};
7374

74-
let ec_private_key = self.to_sec1_der()?;
75+
let private_key_bytes = Zeroizing::new(self.to_bytes());
76+
let public_key_bytes = self.public_key().to_encoded_point(false);
77+
78+
let ec_private_key = Zeroizing::new(
79+
EcPrivateKey {
80+
private_key: &private_key_bytes,
81+
parameters: None,
82+
public_key: Some(public_key_bytes.as_bytes()),
83+
}
84+
.to_der()?,
85+
);
7586

7687
let pkcs8_key = pkcs8::PrivateKeyInfoRef::new(
7788
algorithm_identifier,

0 commit comments

Comments
 (0)