Remove the alternative implementation

Author: nabetti1720

Cargo.lock

@@ -36,7 +36,6 @@ pki-types = { package = "rustls-pki-types", version = "1", default-features = fa
 rand_core = { version = "0.10.0-rc-3", default-features = false }
 rsa = { version = "0.10.0-rc.11", default-features = false, features = ["sha2", "encoding"] }
 rustls = { version = "0.23", default-features = false }
-sec1 = { version = "0.8.0-rc.11", default-features = false, features = ["pem"] }
 sha2 = { version = "0.11.0-rc.3", default-features = false }
 signature = { version = "3.0.0-rc.6", default-features = false }
 x25519-dalek = { version = "3.0.0-pre.4", default-features = false }

Cargo.toml

@@ -2,7 +2,6 @@
 use alloc::{boxed::Box, format, sync::Arc};
 use core::marker::PhantomData;
 
-use der::asn1::ObjectIdentifier;
 use paste::paste;
 use pkcs8::DecodePrivateKey;
 use pki_types::PrivateKeyDer;
@@ -26,30 +25,7 @@ macro_rules! impl_ecdsa {
                         PrivateKeyDer::Pkcs8(der) => {
                             $signing_key::from_pkcs8_der(der.secret_pkcs8_der()).map_err(|e| format!("failed to decrypt private key: {e}"))
                         },
-                        PrivateKeyDer::Sec1(sec1) => {
-                            // Parse SEC1 ECPrivateKey and extract the private key octets
-                            let res = sec1::EcPrivateKey::try_from(sec1.secret_sec1_der())
-                                .map_err(|e| format!("failed to parse SEC1 private key: {e}"))
-                                .and_then(|ec| {
-                                    // If parameters are present, ensure the named curve OID matches the expected curve
-                                    if let Some(params) = ec.parameters {
-                                        if let Some(oid) = params.named_curve() {
-                                            let expected_oid = if stringify!($name) == "P256" {
-                                                ObjectIdentifier::new_unwrap("1.2.840.10045.3.1.7")
-                                            } else {
-                                                ObjectIdentifier::new_unwrap("1.3.132.0.34")
-                                            };
-                                            if oid != expected_oid {
-                                                return Err("not a supported curve".into());
-                                            }
-                                        }
-                                    }
-
-                                    // Construct signing key from the raw private octets
-                                    $signing_key::from_slice(ec.private_key).map_err(|e| format!("failed to parse EC secret: {e}"))
-                                });
-                            res
-                        },
+                        PrivateKeyDer::Sec1(_) => Err(format!("ECDSA does not support SEC1 key")),
                         PrivateKeyDer::Pkcs1(_) => Err(format!("ECDSA does not support PKCS#1 key")),
                         _ => Err("not supported".into()),
                     };

src/sign/ecdsa.rs

@@ -2,12 +2,10 @@
 use alloc::{boxed::Box, format, string::ToString, sync::Arc};
 use core::marker::PhantomData;
 
-use der::asn1::ObjectIdentifier;
 use pkcs8::DecodePrivateKey;
 use pki_types::PrivateKeyDer;
 use rustls::sign::{Signer, SigningKey};
 use rustls::{SignatureAlgorithm, SignatureScheme};
-use sec1::EcPrivateKey;
 
 #[derive(Debug)]
 pub struct Ed25519SigningKey {
@@ -24,33 +22,7 @@ impl TryFrom<&PrivateKeyDer<'_>> for Ed25519SigningKey {
                 ed25519_dalek::SigningKey::from_pkcs8_der(der.secret_pkcs8_der())
                     .map_err(|e| format!("failed to decrypt private key: {e}"))
             }
-            PrivateKeyDer::Sec1(sec1) => {
-                // Parse SEC1 ECPrivateKey and extract the raw private key bytes.
-                let res = EcPrivateKey::try_from(sec1.secret_sec1_der())
-                    .map_err(|e| format!("failed to parse SEC1 private key: {e}"))
-                    .and_then(|ec| {
-                        // If parameters are present, ensure the named curve OID is id-Ed25519 (1.3.101.112)
-                        if let Some(params) = ec.parameters {
-                            if let Some(oid) = params.named_curve() {
-                                let ed_oid = ObjectIdentifier::new_unwrap("1.3.101.112");
-                                if oid != ed_oid {
-                                    return Err("not an Ed25519 key".to_string());
-                                }
-                            }
-                        }
-
-                        // Private key must be exactly 32 bytes for Ed25519
-                        let sk = ec.private_key;
-                        if sk.len() != ed25519_dalek::SECRET_KEY_LENGTH {
-                            return Err("invalid Ed25519 secret length".to_string());
-                        }
-
-                        // Convert to SigningKey
-                        ed25519_dalek::SigningKey::try_from(sk)
-                            .map_err(|e| format!("failed to parse Ed25519 secret: {e}"))
-                    });
-                res
-            }
+            PrivateKeyDer::Sec1(_) => Err("ED25519 does not support SEC1 key".to_string()),
             PrivateKeyDer::Pkcs1(_) => Err("ED25519 does not support PKCS#1 key".to_string()),
             _ => Err("not supported".into()),
         };