revert: remove x509 feature

Author: juliusl

ed25519-dalek/Cargo.toml

@@ -37,7 +37,6 @@ merlin = { version = "3", default-features = false, optional = true }
 rand_core = { version = "0.6.4", default-features = false, optional = true }
 serde = { version = "1.0", default-features = false, optional = true }
 zeroize = { version = "1.5", default-features = false, optional = true }
-x509-cert = { version = "0.2.5", features = ["builder"], optional = true }
 
 [dev-dependencies]
 curve25519-dalek = { version = "4", path = "../curve25519-dalek", default-features = false, features = ["digest", "rand_core"] }
@@ -72,7 +71,6 @@ digest = ["signature/digest"]
 hazmat = []
 # Turns off stricter checking for scalar malleability in signatures
 legacy_compatibility = ["curve25519-dalek/legacy_compatibility"]
-x509 = ["pkcs8", "alloc", "dep:x509-cert"]
 pkcs8 = ["ed25519/pkcs8"]
 pem = ["alloc", "ed25519/pem", "pkcs8"]
 rand_core = ["dep:rand_core"]

ed25519-dalek/src/lib.rs

@@ -288,52 +288,7 @@ pub use crate::verifying::*;
 #[cfg(feature = "digest")]
 pub use ed25519::signature::{DigestSigner, DigestVerifier};
 pub use ed25519::signature::{Signer, Verifier};
-
-#[cfg(not(feature = "x509"))]
 pub use ed25519::Signature;
 
-#[cfg(feature = "x509")]
-pub use signature_wrapper::Signature;
-
-#[cfg(feature = "x509")]
-mod signature_wrapper {
-    use core::ops::Deref;
-    use core::ops::DerefMut;
-    
-    /// Wrapper over ed25519::Signature to enable additional trait implementations required to build x509 certificates
-    #[derive(Copy, Clone, Eq, PartialEq)]
-    #[repr(C)]
-    pub struct Signature(pub ed25519::Signature);
-    
-    impl Signature {
-        /// Parse an Ed25519 signature from a byte slice.
-        pub fn from_bytes(bytes: &ed25519::SignatureBytes) -> Self {
-            Self(ed25519::Signature::from_bytes(bytes))
-        }
-    }
-    
-    impl TryFrom<&[u8]> for Signature {
-        type Error = ed25519::Error;
-    
-        fn try_from(value: &[u8]) -> Result<Self, Self::Error> {
-            Ok(Self(ed25519::Signature::try_from(value)?))
-        }
-    }
-    
-    impl Deref for Signature {
-        type Target = ed25519::Signature;
-    
-        fn deref(&self) -> &Self::Target {
-            &self.0
-        }
-    }
-    
-    impl DerefMut for Signature {
-        fn deref_mut(&mut self) -> &mut Self::Target {
-            &mut self.0
-        }
-    }
-}
-
 #[cfg(feature = "pkcs8")]
 pub use ed25519::pkcs8;

ed25519-dalek/src/signature.rs

@@ -174,20 +174,4 @@ impl From<InternalSignature> for ed25519::Signature {
     fn from(sig: InternalSignature) -> ed25519::Signature {
         ed25519::Signature::from_components(*sig.R.as_bytes(), *sig.s.as_bytes())
     }
-}
-
-#[cfg(feature = "x509")]
-impl From<InternalSignature> for crate::Signature {
-    fn from(value: InternalSignature) -> Self {
-        crate::Signature(ed25519::Signature::from(value))
-    }
-}
-
-#[cfg(feature = "x509")]
-impl ed25519::pkcs8::spki::SignatureBitStringEncoding for crate::Signature {
-    fn to_bitstring(&self) -> x509_cert::der::Result<x509_cert::der::asn1::BitString> {
-        let signature: ed25519::Signature = self.0.into();
-
-        x509_cert::der::asn1::BitString::new(0, signature.to_vec())
-    }
 }

ed25519-dalek/tests/pkcs8.rs

@@ -4,20 +4,13 @@
 //! RFC5958 (PKCS#8) and RFC5280 (SPKI).
 
 #![cfg(feature = "pkcs8")]
-use ed25519_dalek::pkcs8::{DecodePrivateKey, DecodePublicKey};
+use ed25519_dalek::pkcs8::{spki::DynSignatureAlgorithmIdentifier, DecodePrivateKey, DecodePublicKey};
 use ed25519_dalek::{SigningKey, VerifyingKey};
 use hex_literal::hex;
 
 #[cfg(feature = "alloc")]
 use ed25519_dalek::pkcs8::{EncodePrivateKey, EncodePublicKey};
 
-#[cfg(feature = "x509")]
-use x509_cert::builder::Builder;
-#[cfg(feature = "x509")]
-use x509_cert::der::EncodePem;
-#[cfg(feature = "x509")]
-use x509_cert::spki::DynSignatureAlgorithmIdentifier;
-
 /// Ed25519 PKCS#8 v1 private key encoded as ASN.1 DER.
 const PKCS8_V1_DER: &[u8] = include_bytes!("examples/pkcs8-v1.der");
 
@@ -76,45 +69,15 @@ fn encode_verifying_key() {
     assert_eq!(verifying_key, verifying_key2);
 }
 
-#[cfg(feature = "x509")]
 #[test]
-fn build_valid_x509_cert() {
-    use std::time::Duration;
-    use std::str::FromStr;
-    use x509_cert::{
-        builder::{CertificateBuilder, Profile},
-        name::Name,
-        serial_number::SerialNumber,
-        spki:: SubjectPublicKeyInfoOwned,
-        time::Validity,
-    };
-    let profile = Profile::Root;
-    let serial_number = SerialNumber::from(42u32);
-    let validity = Validity::from_now(Duration::new(360, 0)).unwrap();
-    let subject = Name::from_str("CN=World domination corporation,O=World domination Inc,C=US").unwrap();
-    let signing = SigningKey::from_bytes(&SK_BYTES);
-    let verifying_key = VerifyingKey::from_bytes(&PK_BYTES).unwrap();
-    let public_key = verifying_key.to_public_key_der().unwrap();
-    let key_info =
-        SubjectPublicKeyInfoOwned::try_from(&public_key.as_bytes()[..]).unwrap();
-
-    let builder = CertificateBuilder::new(
-        profile,
-        serial_number,
-        validity,
-        subject,
-        key_info,
-        &signing,
-    )
-    .expect("should create certificate");
-
-    let certificate = builder.build().unwrap();
-    certificate.to_pem(x509_cert::der::pem::LineEnding::LF).expect("should generate pem");
-    
-    // Note: In order to verify the certificate the same way the x509_cert crate does it via `x509-cert-test-support`, it requires an additional `zlint` tool to be installed
-    //       The tool is installed via `go install github.com/zmap/zlint/v3/cmd/zlint@latest`.
-    // 
-    // TODO: Blocked by: https://github.com/zmap/zlint/issues/883
-    // let ignored = &[];
-    // x509_cert_test_support::zlint::check_certificate(pem.as_bytes(), ignored);
-}
+fn get_algo_identifier() {
+    let verifying_key = VerifyingKey::from_public_key_der(PUBLIC_KEY_DER).unwrap();
+    let identifier = verifying_key.signature_algorithm_identifier().unwrap();
+    assert!(identifier.parameters.is_none()); // According to rfc8410 this must be None
+    assert_eq!(identifier.oid, ed25519::pkcs8::ALGORITHM_OID);
+
+    let signing_key = SigningKey::from_bytes(&SK_BYTES);
+    let identifer = signing_key.signature_algorithm_identifier().unwrap();
+    assert!(identifer.parameters.is_none()); // According to rfc8410 this must be None
+    assert_eq!(identifer.oid, ed25519::pkcs8::ALGORITHM_OID);
+}