How to use p256 with SubjectPublicKeyInfo and CertificateBuilder as a signer

[andrewbaxter]

I couldn't figure this out from the docs and I didn't see an example, and I got lost in the traits and generic constraints. AFAICT p256 stuff implements all the right traits, and I'm on the most recent versions of all published libraries.

I have

                let priv_key = p256::ecdsa::SigningKey::random(&mut rand::thread_rng());
                let self_spki = SubjectPublicKeyInfoOwned::from_key(priv_key.verifying_key()).unwrap();
                let pub_key_der = CertificateBuilder::new(
                   ...
                    &priv_key,
                ).unwrap().build().unwrap().to_der().unwrap();

from_key has this compile error:

error[E0277]: the trait bound `&ecdsa::verifying::VerifyingKey<p256::NistP256>: EncodePublicKey` is not satisfied
   --> src/publisher/mod.rs:371:69
    |
371 |                 let self_spki = SubjectPublicKeyInfoOwned::from_key(priv_key.verifying_key()).unwrap();
    |                                 ----------------------------------- ^^^^^^^^^^^^^^^^^^^^^^^^ the trait `EncodePublicKey` is not implemented for `&ecdsa::verifying::VerifyingKey<p256::NistP256>`
    |                                 |
    |                                 required by a bound introduced by this call
    |
    = help: the trait `EncodePublicKey` is implemented for `ecdsa::verifying::VerifyingKey<C>`
note: required by a bound in `spki::spki::allocating::<impl SubjectPublicKeyInfo<der::Any, der::asn1::BitString>>::from_key`
   --> /.../spki-0.7.3/src/spki.rs:212:16
    |
210 |         pub fn from_key<T>(source: T) -> Result<Self>
    |                -------- required by a bound in this associated function
211 |         where
212 |             T: EncodePublicKey,
    |                ^^^^^^^^^^^^^^^ required by this bound in `spki::spki::allocating::<impl SubjectPublicKeyInfo<Any, BitString>>::from_key`

Where I'm using it as the signer this compile error appears:

error[E0277]: the trait bound `OidSha256: AssociatedOid` is not satisfied
   --> /.../mod.rs:389:21
    |
372 |                 let pub_key_der = CertificateBuilder::new(
    |                                   ----------------------- required by a bound introduced by this call
...
389 |                     &priv_key,
    |                     ^^^^^^^^^ the trait `AssociatedOid` is not implemented for `OidSha256`
    |
    = help: the following other types implement trait `AssociatedOid`:
              CtVariableCoreWrapper<T, OutSize, O>
              ChallengePassword
              CoreWrapper<T>
              NistP256
              ecdsa::Signature<C>
              CertificatePolicies
              BasicConstraints
              PolicyConstraints
            and 20 others
    = note: required for `CtVariableCoreWrapper<Sha256VarCore, UInt<UInt<UInt<UInt<UInt<UInt<UTerm, B1>, B0>, B0>, B0>, B0>, B0>, OidSha256>` to implement `AssociatedOid`
    = note: 2 redundant requirements hidden
    = note: required for `ecdsa::Signature<NistP256>` to implement `AssociatedOid`
    = note: required for `ecdsa::Signature<NistP256>` to implement `AssociatedAlgorithmIdentifier`
    = note: required for `ecdsa::signing::SigningKey<NistP256>` to implement `SignatureAlgorithmIdentifier`
    = note: required for `ecdsa::signing::SigningKey<NistP256>` to implement `DynSignatureAlgorithmIdentifier`
note: required by a bound in `CertificateBuilder::<'s, S>::new`
   --> /.../x509-cert-0.2.5/src/builder.rs:266:18
    |
266 |     S: Keypair + DynSignatureAlgorithmIdentifier,
    |                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ required by this bound in `CertificateBuilder::<'s, S>::new`
...
270 |     pub fn new(
    |            --- required by a bound in this associated function

FWIW p256::SecretKey worked with SubjectPublicKeyInfo, but not as a signer. My understanding is that SubjectPublicKeyInfo is supposed to correspond to the signing key when self signing, so I'd expect these to be used together.

Sorry if this is obvious, between the generics/traits and all the PKI key types and encodings I ran out of footholds.

[andrewbaxter]

Forgot

signature = "2.2.0"
x509-cert = { version = "0.2.5", features = ["builder"] }
ecdsa = { version = "0.16.9", features = ["pkcs8", "der", "pem", "signing", "spki", "verifying"] }
p256 = "0.13.2"

[andrewbaxter]

Re: examples, https://docs.rs/ecdsa/latest/ecdsa/struct.SigningKey.html says

See the p256 crate for examples of using this type with a concrete elliptic curve.
so I feel like there should be an example of at least using a p256 signing key, but I couldn't find one. I think an example is probably what I need.

[tarcieri]

SubjectPublicKeyInfoOwned::from_key(priv_key.verifying_key()).unwrap()

It seems like SubjectPublicKeyInfoOwned::from_key has a somewhat annoying bound and should probably borrow its input /cc @baloo

In the meantime you can work around this by making a copy of the key:

SubjectPublicKeyInfoOwned::from_key(*priv_key.verifying_key()).unwrap()

error[E0277]: the trait bound OidSha256: AssociatedOid is not satisfied

I think you need to include the sha2 crate directly and enable its oid feature. The need for this will go away in the next breaking release.

[baloo]

It can definitely borrow! RustCrypto/formats#1290

[andrewbaxter]

Awesome, thanks! That took care of those errors. I'm glad I asked 🙇

Uhh... one more now if you don't mind

                let pub_key_der = CertificateBuilder::new(
...
                ).unwrap().build::<Signature>().unwrap().to_der().unwrap();

where Signature is p256::ecdsa::Signature gives

error[E0277]: the trait bound `ecdsa::Signature<NistP256>: SignatureBitStringEncoding` is not satisfied
   --> /.../mod.rs:394:36
    |
394 |                 ).unwrap().build::<Signature>().unwrap().to_der().unwrap();
    |                            -----   ^^^^^^^^^ the trait `SignatureBitStringEncoding` is not implemented for `ecdsa::Signature<NistP256>`
    |                            |
    |                            required by a bound introduced by this call
    |
    = help: the trait `SignatureBitStringEncoding` is implemented for `ecdsa::der::Signature<C>`
note: required by a bound in `build`
   --> /.../x509-cert-0.2.5/src/builder.rs:428:20
    |
425 |     fn build<Signature>(mut self) -> Result<Self::Output>
    |        ----- required by a bound in this associated function
...
428 |         Signature: SignatureBitStringEncoding,
    |                    ^^^^^^^^^^^^^^^^^^^^^^^^^^ required by this bound in `Builder::build`

Looking at the bounds of SignatureBitStringEncoding, namely PrimeCurve, NistP256 seems to have that covered and it doesn't seem to be feature gated (I enabled alloc on ecdsa to be sure).

[tarcieri]

The compiler message notes what you need to do:

 help: the trait `SignatureBitStringEncoding` is implemented for `ecdsa::der::Signature<C>`

It needs to be an ASN.1 DER encoded signature, however ecdsa::Signature is a non-ASN.1 "fixed" encoding.

Use p256::ecdsa::DerSignature instead (which is a type alias for ecdsa::der::Signature)

[andrewbaxter]

Oh bleh, okay thanks! That worked perfectly!