chore: circumvent unused clippy lint in a struct with #[zeoize(skip)]

Just do the equivalent of `zeroize(skip)` - `Zeroize<T>` on the other
field.

There is presumably a bug or an incomatibility in the zeroize derive
macro, which causes a field marked with `#[zeroize(skip)]` as ununsed.
This is a way around that lint.

Author: SimonThormeyer

crypto/src/mls/credential/mod.rs

@@ -312,7 +312,7 @@ mod tests {
         let new_pki_kp = PkiKeypair::rand_unchecked(case.signature_scheme());
 
         let eve_key = CertificatePrivateKey {
-            value: new_pki_kp.signing_key_bytes(),
+            value: new_pki_kp.signing_key_bytes().into(),
             signature_scheme: case.ciphersuite().signature_algorithm(),
         };
         let cb = CertificateBundle {

crypto/src/mls/credential/x509.rs

@@ -10,19 +10,17 @@ use openmls_x509_credential::CertificateKeyPair;
 use wire_e2e_identity::prelude::{HashAlgorithm, WireIdentityReader};
 #[cfg(test)]
 use x509_cert::der::Encode;
-use zeroize::Zeroize;
+use zeroize::Zeroizing;
 
 use super::{Error, Result};
 #[cfg(test)]
 use crate::test_utils::x509::X509Certificate;
 use crate::{ClientId, Credential, CredentialType, MlsError, RecursiveError, e2e_identity::id::WireQualifiedClientId};
 
-#[derive(core_crypto_macros::Debug, Clone, Zeroize)]
-#[zeroize(drop)]
+#[derive(core_crypto_macros::Debug, Clone)]
 pub struct CertificatePrivateKey {
     #[sensitive]
-    pub(crate) value: Vec<u8>,
-    #[zeroize(skip)]
+    pub(crate) value: Zeroizing<Vec<u8>>,
     pub(crate) signature_scheme: SignatureScheme,
 }
 
@@ -210,7 +208,7 @@ impl CertificateBundle {
         Self {
             certificate_chain: vec![cert.certificate.to_der().unwrap(), issuer.certificate.to_der().unwrap()],
             private_key: CertificatePrivateKey {
-                value: cert.pki_keypair.signing_key_bytes(),
+                value: cert.pki_keypair.signing_key_bytes().into(),
                 signature_scheme: cert.signature_scheme,
             },
         }

crypto/src/test_utils/mod.rs

@@ -207,7 +207,7 @@ impl SessionContext {
                     certificate_chain: vec![cert_der],
                     private_key: crate::mls::credential::x509::CertificatePrivateKey {
                         signature_scheme,
-                        value: actor_cert.pki_keypair.signing_key_bytes(),
+                        value: actor_cert.pki_keypair.signing_key_bytes().into(),
                     },
                 }
             }

crypto/src/transaction_context/e2e_identity/mod.rs

@@ -89,7 +89,7 @@ impl TransactionContext {
         let crl_new_distribution_points = self.extract_dp_on_init(&certificate_chain[..]).await?;
 
         let private_key = CertificatePrivateKey {
-            value: sk,
+            value: sk.into(),
             signature_scheme: cs.signature_algorithm(),
         };
 

crypto/src/transaction_context/e2e_identity/rotate.rs

@@ -155,7 +155,7 @@ impl TransactionContext {
             .map_err(RecursiveError::e2e_identity("getting certificate response"))?;
 
         let private_key = CertificatePrivateKey {
-            value: sk,
+            value: sk.into(),
             signature_scheme,
         };