diff --git a/src/lib.rs b/src/lib.rs index 80328aa..4d20fb2 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -761,6 +761,11 @@ impl EchConfigListBytes<'_> { } } +#[cfg(feature = "alloc")] +impl PemObjectFilter for EchConfigListBytes<'static> { + const KIND: SectionKind = SectionKind::EchConfigList; +} + impl fmt::Debug for EchConfigListBytes<'_> { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { hex(f, self.as_ref()) diff --git a/src/pem.rs b/src/pem.rs index 2798329..f0b3fe9 100644 --- a/src/pem.rs +++ b/src/pem.rs @@ -357,13 +357,21 @@ pub enum SectionKind { /// /// Appears as "CERTIFICATE REQUEST" in PEM files. Csr, + + /// An EchConfigList structure, as specified in + /// . + /// + /// Appears as "ECHCONFIG" in PEM files. + EchConfigList, } impl SectionKind { fn secret(&self) -> bool { match self { Self::RsaPrivateKey | Self::PrivateKey | Self::EcPrivateKey => true, - Self::Certificate | Self::PublicKey | Self::Crl | Self::Csr => false, + Self::Certificate | Self::PublicKey | Self::Crl | Self::Csr | Self::EchConfigList => { + false + } } } } @@ -380,6 +388,7 @@ impl TryFrom<&[u8]> for SectionKind { b"EC PRIVATE KEY" => Self::EcPrivateKey, b"X509 CRL" => Self::Crl, b"CERTIFICATE REQUEST" => Self::Csr, + b"ECHCONFIG" => Self::EchConfigList, _ => return Err(()), }) } diff --git a/tests/data/ech.pem b/tests/data/ech.pem new file mode 100644 index 0000000..94104b1 --- /dev/null +++ b/tests/data/ech.pem @@ -0,0 +1,7 @@ +-----BEGIN PRIVATE KEY----- +MC4CAQAwBQYDK2VuBCIEICjd4yGRdsoP9gU7YT7My8DHx1Tjme8GYDXrOMCi8v1V +-----END PRIVATE KEY----- +-----BEGIN ECHCONFIG----- +AD7+DQA65wAgACA8wVN2BtscOl3vQheUzHeIkVmKIiydUhDCliA4iyQRCwAEAAEA +AQALZXhhbXBsZS5jb20AAA== +-----END ECHCONFIG----- diff --git a/tests/data/zen.pem b/tests/data/zen.pem index 5b85106..f9ba7a6 100644 --- a/tests/data/zen.pem +++ b/tests/data/zen.pem @@ -162,4 +162,8 @@ gdiZyLcf1VDCCUGaskEi2CsggCQQJNyGi+8BSQ8MPKm/m0KrSchGQ157eWCCjopz f5GQe2UGOg5T7g8+S4GdECMwkMlTGUwlAM6LuOG/NZqP528PCAYQv0eOYdSwALQT GwTyU4AZ9y1uBFuaFxABew9GbDEtNY/XHTF8308edUwGBk6jfD+UuTeEwRZGs9E= -----END CERTIFICATE REQUEST----- +-----BEGIN ECHCONFIG----- +AD7+DQA65wAgACA8wVN2BtscOl3vQheUzHeIkVmKIiydUhDCliA4iyQRCwAEAAEA +AQALZXhhbXBsZS5jb20AAA== +-----END ECHCONFIG----- ... that's all folks! diff --git a/tests/pem.rs b/tests/pem.rs index 15b1c74..23ae537 100644 --- a/tests/pem.rs +++ b/tests/pem.rs @@ -4,8 +4,9 @@ use std::io::Cursor; use rustls_pki_types::pem::PemObject; use rustls_pki_types::{ - pem, CertificateDer, CertificateRevocationListDer, CertificateSigningRequestDer, PrivateKeyDer, - PrivatePkcs1KeyDer, PrivatePkcs8KeyDer, PrivateSec1KeyDer, SubjectPublicKeyInfoDer, + pem, CertificateDer, CertificateRevocationListDer, CertificateSigningRequestDer, + EchConfigListBytes, PrivateKeyDer, PrivatePkcs1KeyDer, PrivatePkcs8KeyDer, PrivateSec1KeyDer, + SubjectPublicKeyInfoDer, }; #[test] @@ -180,6 +181,20 @@ fn crls() { ); } +#[test] +fn ech_config() { + let data = include_bytes!("data/zen.pem"); + + EchConfigListBytes::from_pem_slice(data).unwrap(); + EchConfigListBytes::from_pem_reader(&mut Cursor::new(&data[..])).unwrap(); + EchConfigListBytes::from_pem_file("tests/data/zen.pem").unwrap(); + + assert!(matches!( + EchConfigListBytes::from_pem_file("tests/data/certificate.chain.pem").unwrap_err(), + pem::Error::NoItemsFound + )); +} + #[test] fn certificates_with_binary() { let data = include_bytes!("data/gunk.pem"); @@ -212,7 +227,7 @@ fn parse_in_order() { let items = <(pem::SectionKind, Vec) as PemObject>::pem_slice_iter(data) .collect::, _>>() .unwrap(); - assert_eq!(items.len(), 11); + assert_eq!(items.len(), 12); assert!(matches!(items[0], (pem::SectionKind::Certificate, _))); assert!(matches!(items[1], (pem::SectionKind::Certificate, _))); assert!(matches!(items[2], (pem::SectionKind::Certificate, _))); @@ -224,6 +239,7 @@ fn parse_in_order() { assert!(matches!(items[8], (pem::SectionKind::PrivateKey, _))); assert!(matches!(items[9], (pem::SectionKind::Crl, _))); assert!(matches!(items[10], (pem::SectionKind::Csr, _))); + assert!(matches!(items[11], (pem::SectionKind::EchConfigList, _))); } #[test]