crypto: use rsa crate for generating keys
Turns out the performance problems are mostly limited to debug builds, which is fine.
parent
f349ae99c7
commit
816a87f873
1 changed files with 6 additions and 10 deletions
|
@ -109,22 +109,18 @@ impl PubKey {
|
||||||
impl PrivKey {
|
impl PrivKey {
|
||||||
/// Generate a new private key.
|
/// Generate a new private key.
|
||||||
pub fn new() -> Result<PrivKey> {
|
pub fn new() -> Result<PrivKey> {
|
||||||
// The rsa crate takes like two orders of magnitude longer to generate a key,
|
let pkey = RsaPrivateKey::new(&mut OsRng, DEFAULT_KEY_SIZE).map_err(Error::from)?;
|
||||||
// so until they get that under control we'll use the raw OpenSSL bindings to
|
let der = pkey.to_public_key_der().map_err(Error::from)?.into_vec();
|
||||||
// generate a key, encode it to PKCS#1 DER, and load it again.
|
|
||||||
let pkey = openssl::rsa::Rsa::generate(DEFAULT_KEY_SIZE as u32).unwrap();
|
|
||||||
let pkcs1_der = pkey.private_key_to_der().unwrap();
|
|
||||||
let pkey =
|
|
||||||
<RsaPrivateKey as pkcs1::DecodeRsaPrivateKey>::from_pkcs1_der(pkcs1_der.as_slice())
|
|
||||||
.map_err(Error::from)?;
|
|
||||||
let der = pkey.to_pkcs8_der().map_err(Error::from)?;
|
|
||||||
let der = Vec::from(der.as_bytes());
|
|
||||||
Ok(PrivKey {
|
Ok(PrivKey {
|
||||||
pkey: OnceCell::from(pkey),
|
pkey: OnceCell::from(pkey),
|
||||||
der,
|
der,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// Construct a new private key from a DER encoded PKCS#8 key **without validity checks**.
|
||||||
|
/// This function is not `unsafe` because if the data is not valid DER, all operations will
|
||||||
|
/// simply fail instead of resulting in undefined behaviour. Furthermore, this function
|
||||||
|
/// will only be called from keys stored directly in the database, so it should be fine.
|
||||||
pub fn from_der_unchecked(der: Vec<u8>) -> PrivKey {
|
pub fn from_der_unchecked(der: Vec<u8>) -> PrivKey {
|
||||||
PrivKey {
|
PrivKey {
|
||||||
pkey: OnceCell::new(),
|
pkey: OnceCell::new(),
|
||||||
|
|
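Review bot: In `PrivKey::new`, the new line `let der = pkey.to_public_key_der().map_err(Error::from)?.into_vec();` fills the `der` field with the public key's encoding, whereas the removed code stored the output of `to_pkcs8_der()`, and the doc comment added on `from_der_unchecked` in this same hunk describes that input as a DER encoded PKCS#8 key. If `der` is what gets persisted (the "keys stored directly in the database" remark suggests so, but the storage code is not in the hunk), a freshly generated key would be saved without its private half and could not be decoded as a private key after a reload. Keeping the PKCS#8 encoding avoids that: `let der = pkey.to_pkcs8_der().map_err(Error::from)?.as_bytes().to_vec();`. A round-trip test that generates a key, passes its `der` to `from_der_unchecked` and then uses the private key would catch this; the body of `from_der_unchecked` continues outside the hunk.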