ssh-key: remove fingerprint feature (#27)

The relevant functionality is now enabled by default.

This cuts down on the number of features and overall feature-related
complexity, especially as fingerprints are important baseline
functionality.

Author: tarcieri

ssh-key/Cargo.toml

@@ -20,6 +20,7 @@ rust-version = "1.60"
 [dependencies]
 base64ct = "1.4"
 pem-rfc7468 = "0.6"
+sha2 = { version = "0.10.6", default-features = false }
 zeroize = { version = "1", default-features = false }
 
 # optional dependencies
@@ -36,7 +37,6 @@ rsa = { version = "0.7", optional = true }
 sec1 = { version = "0.3", optional = true, default-features = false, features = ["point"] }
 serde = { version = "1", optional = true }
 sha1 = { version = "0.10", optional = true, default-features = false }
-sha2 = { version = "0.10.6", optional = true, default-features = false, features = ["oid"] }
 signature = { version = "1.6.4", optional = true, default-features = false }
 subtle = { version = "2", optional = true, default-features = false }
 
@@ -47,7 +47,7 @@ tempfile = "3"
 zeroize_derive = "1.3" # hack to make minimal-versions lint happy (pulled in by `ed25519-dalek`)
 
 [features]
-default = ["ecdsa", "fingerprint", "std", "rand_core"]
+default = ["ecdsa", "rand_core", "std"]
 alloc = ["base64ct/alloc", "signature", "zeroize/alloc"]
 std = [
     "alloc",
@@ -65,9 +65,8 @@ dsa = ["dep:bigint", "dep:dsa", "dep:sha1", "signature/rand-preview"]
 ecdsa = ["dep:sec1"]
 ed25519 = ["dep:ed25519-dalek", "rand_core"]
 encryption = [ "alloc", "dep:aes", "dep:bcrypt-pbkdf", "dep:ctr", "rand_core"]
-fingerprint = ["dep:sha2"]
 getrandom = ["rand_core/getrandom"]
-rsa = ["dep:bigint", "dep:rsa"]
+rsa = ["dep:bigint", "dep:rsa", "sha2/oid"]
 
 [package.metadata.docs.rs]
 all-features = true

ssh-key/src/certificate.rs

@@ -20,20 +20,15 @@ use crate::{
     public::{Encapsulation, KeyData},
     reader::{Base64Reader, Reader},
     writer::{base64_len, Writer},
-    Algorithm, Error, Result, Signature,
+    Algorithm, Error, Fingerprint, HashAlg, Result, Signature,
 };
 use alloc::{
     borrow::ToOwned,
     string::{String, ToString},
     vec::Vec,
 };
 use core::str::FromStr;
-
-#[cfg(feature = "fingerprint")]
-use {
-    crate::{Fingerprint, HashAlg},
-    signature::Verifier,
-};
+use signature::Verifier;
 
 #[cfg(feature = "serde")]
 use serde::{de, ser, Deserialize, Serialize};
@@ -372,8 +367,8 @@ impl Certificate {
     ///
     /// See [`Certificate::validate_at`] documentation for important notes on
     /// how to properly validate certificates!
-    #[cfg(all(feature = "fingerprint", feature = "std"))]
-    #[cfg_attr(docsrs, doc(cfg(all(feature = "fingerprint", feature = "std"))))]
+    #[cfg(feature = "std")]
+    #[cfg_attr(docsrs, doc(cfg(feature = "std")))]
     pub fn validate<'a, I>(&self, ca_fingerprints: I) -> Result<()>
     where
         I: IntoIterator<Item = &'a Fingerprint>,
@@ -409,8 +404,6 @@ impl Certificate {
     /// ## Returns
     /// - `Ok` if the certificate validated successfully
     /// - `Error::CertificateValidation` if the certificate failed to validate
-    #[cfg(feature = "fingerprint")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "fingerprint")))]
     pub fn validate_at<'a, I>(&self, unix_timestamp: u64, ca_fingerprints: I) -> Result<()>
     where
         I: IntoIterator<Item = &'a Fingerprint>,
@@ -454,7 +447,6 @@ impl Certificate {
     ///
     /// It is public only for testing purposes, and deliberately hidden from
     /// the documentation for that reason.
-    #[cfg(feature = "fingerprint")]
     #[doc(hidden)]
     pub fn verify_signature(&self) -> Result<()> {
         let mut tbs_certificate = Vec::new();

ssh-key/src/certificate/builder.rs

@@ -309,7 +309,7 @@ impl Builder {
         cert.encode_tbs(&mut tbs_cert)?;
         cert.signature = signing_key.try_sign(&tbs_cert)?;
 
-        #[cfg(all(debug_assertions, feature = "fingerprint"))]
+        #[cfg(debug_assertions)]
         cert.validate_at(
             cert.valid_after.into(),
             &[cert.signature_key.fingerprint(Default::default())],

ssh-key/src/certificate/unix_time.rs

@@ -58,7 +58,7 @@ impl UnixTime {
     }
 
     /// Get the current time as a Unix timestamp.
-    #[cfg(all(feature = "std", feature = "fingerprint"))]
+    #[cfg(all(feature = "std"))]
     pub fn now() -> Result<Self> {
         SystemTime::now().try_into()
     }

ssh-key/src/fingerprint.rs

@@ -37,7 +37,6 @@ use {
 ///
 /// When the `serde` feature of this crate is enabled, this type receives impls
 /// of [`Deserialize`][`serde::Deserialize`] and [`Serialize`][`serde::Serialize`].
-#[cfg_attr(docsrs, doc(cfg(feature = "fingerprint")))]
 #[derive(Copy, Clone, Debug, Eq, PartialEq, PartialOrd, Ord)]
 #[non_exhaustive]
 pub enum Fingerprint {

ssh-key/src/lib.rs

@@ -154,12 +154,11 @@ mod cipher;
 mod decode;
 mod encode;
 mod error;
+mod fingerprint;
 mod kdf;
 mod reader;
 mod writer;
 
-#[cfg(feature = "fingerprint")]
-mod fingerprint;
 #[cfg(feature = "alloc")]
 mod mpint;
 #[cfg(feature = "alloc")]
@@ -170,12 +169,14 @@ pub use crate::{
     authorized_keys::AuthorizedKeys,
     cipher::Cipher,
     error::{Error, Result},
+    fingerprint::Fingerprint,
     kdf::Kdf,
     private::PrivateKey,
     public::PublicKey,
 };
 pub use base64ct::LineEnding;
 pub use pem_rfc7468 as pem;
+pub use sha2;
 
 #[cfg(feature = "alloc")]
 pub use crate::{
@@ -185,8 +186,5 @@ pub use crate::{
 #[cfg(feature = "ecdsa")]
 pub use sec1;
 
-#[cfg(feature = "fingerprint")]
-pub use crate::fingerprint::Fingerprint;
-
 #[cfg(feature = "rand_core")]
 pub use rand_core;

ssh-key/src/private.rs

@@ -139,7 +139,7 @@ use crate::{
     public,
     reader::Reader,
     writer::Writer,
-    Algorithm, Cipher, Error, Kdf, PublicKey, Result,
+    Algorithm, Cipher, Error, Fingerprint, HashAlg, Kdf, PublicKey, Result,
 };
 use core::str;
 
@@ -149,9 +149,6 @@ use {
     zeroize::Zeroizing,
 };
 
-#[cfg(feature = "fingerprint")]
-use crate::{Fingerprint, HashAlg};
-
 #[cfg(feature = "rand_core")]
 use rand_core::{CryptoRng, RngCore};
 
@@ -412,8 +409,6 @@ impl PrivateKey {
     /// Compute key fingerprint.
     ///
     /// Use [`Default::default()`] to use the default hash function (SHA-256).
-    #[cfg(feature = "fingerprint")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "fingerprint")))]
     pub fn fingerprint(&self, hash_alg: HashAlg) -> Fingerprint {
         self.public_key.fingerprint(hash_alg)
     }

ssh-key/src/public.rs

@@ -27,7 +27,7 @@ use crate::{
     decode::Decode,
     encode::Encode,
     reader::{Base64Reader, Reader},
-    Algorithm, Error, Result,
+    Algorithm, Error, Fingerprint, HashAlg, Result,
 };
 use core::str::FromStr;
 
@@ -41,9 +41,6 @@ use {
     },
 };
 
-#[cfg(feature = "fingerprint")]
-use crate::{Fingerprint, HashAlg};
-
 #[cfg(all(feature = "alloc", feature = "serde"))]
 use serde::{de, ser, Deserialize, Serialize};
 
@@ -211,8 +208,6 @@ impl PublicKey {
     /// Compute key fingerprint.
     ///
     /// Use [`Default::default()`] to use the default hash function (SHA-256).
-    #[cfg(feature = "fingerprint")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "fingerprint")))]
     pub fn fingerprint(&self, hash_alg: HashAlg) -> Fingerprint {
         self.key_data.fingerprint(hash_alg)
     }

ssh-key/src/public/key_data.rs

@@ -3,7 +3,7 @@
 use super::{Ed25519PublicKey, SkEd25519};
 use crate::{
     checked::CheckedSum, decode::Decode, encode::Encode, reader::Reader, writer::Writer, Algorithm,
-    Error, Result,
+    Error, Fingerprint, HashAlg, Result,
 };
 
 #[cfg(feature = "alloc")]
@@ -12,9 +12,6 @@ use super::{DsaPublicKey, RsaPublicKey};
 #[cfg(feature = "ecdsa")]
 use super::{EcdsaPublicKey, SkEcdsaSha2NistP256};
 
-#[cfg(feature = "fingerprint")]
-use crate::{Fingerprint, HashAlg};
-
 /// Public key data.
 #[derive(Clone, Debug, Eq, PartialEq, PartialOrd, Ord)]
 #[non_exhaustive]
@@ -99,8 +96,6 @@ impl KeyData {
     /// Compute key fingerprint.
     ///
     /// Use [`Default::default()`] to use the default hash function (SHA-256).
-    #[cfg(feature = "fingerprint")]
-    #[cfg_attr(docsrs, doc(cfg(feature = "fingerprint")))]
     pub fn fingerprint(&self, hash_alg: HashAlg) -> Fingerprint {
         Fingerprint::new(hash_alg, self)
     }

ssh-key/src/writer.rs

@@ -2,13 +2,11 @@
 
 use crate::Result;
 use pem_rfc7468 as pem;
+use sha2::{Digest, Sha256, Sha512};
 
 #[cfg(feature = "alloc")]
 use alloc::vec::Vec;
 
-#[cfg(feature = "fingerprint")]
-use sha2::{Digest, Sha256, Sha512};
-
 /// Get the estimated length of data when encoded as Base64.
 ///
 /// This is an upper bound where the actual length might be slightly shorter.
@@ -50,15 +48,13 @@ impl Writer for Vec<u8> {
     }
 }
 
-#[cfg(feature = "fingerprint")]
 impl Writer for Sha256 {
     fn write(&mut self, bytes: &[u8]) -> Result<()> {
         self.update(bytes);
         Ok(())
     }
 }
 
-#[cfg(feature = "fingerprint")]
 impl Writer for Sha512 {
     fn write(&mut self, bytes: &[u8]) -> Result<()> {
         self.update(bytes);